Social engineering in cybercrime refers to psychological manipulation that tricks individuals into divulging sensitive information or performing actions that compromise their security. Common social engineering tactics include phishing, spear phishing, pretexting, baiting, quid pro quo, and scareware.
In April 2022, the ZLoader botnet, the infrastructure used to distribute the ZLoader malware, was disrupted in a joint effort by Microsoft, ESET, Black Lotus Labs, Palo Alto Networks, Health-ISAC, and the Financial Services ISAC.
In the CS Hub Mid-Year Market Report 2022, 75 percent of respondents cited social engineering and phishing attacks as the top threat to their organization’s cyber security. According to Security InfoWatch, a social engineering attack costs a company on average $130,000 in stolen money or destroyed data. A single successful attack can also be the first step in a much broader breach, where losses run into the hundreds of thousands or even millions of dollars.
Types of social engineering in cybercrime:
Phishing: This is a tactic where attackers send emails or messages that appear to be from a legitimate source, such as a bank or government agency, to obtain sensitive information such as login credentials or credit card numbers.
Spear phishing: A type of cyber attack in which a cybercriminal targets a specific individual or organization with personalized and often convincing email messages or other communications. The attacker tailors the message to the victim’s characteristics, job position, and contacts so that it blends in with normal correspondence. It requires more effort and may take months to prepare, but it is harder to detect and has a higher success rate when done skillfully.
Pretexting: This scheme involves creating a fake scenario or identity to convince a victim to provide sensitive information. For example, an attacker may pretend to be a company representative and ask for an employee’s login credentials.
Baiting: This kind of cyber attack uses a false promise to entice a victim into taking action, such as downloading malware or visiting a compromised website. For example, an attacker may offer a free gift or prize in exchange for personal information.
Quid pro quo: This involves offering a victim something in exchange for sensitive information or access to a computer or network. For example, an attacker may offer technical support in exchange for remote access to a victim’s computer. That access is the real prize: once an attacker can run code on the machine, installing ransomware and holding the victim’s files hostage for a large payment is a short step away.
Scareware: This cyber scheme uses fear and urgency to convince a victim to take action, such as purchasing fake anti-virus software or giving away personal information. For example, an attacker may use pop-up windows that claim the victim’s computer is infected with a virus and prompt them to download malware.
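The tactics above leave recognizable traces in the messages that deliver them: a sender domain or link host that looks like a real brand (phishing, spear phishing), a Reply-To that quietly redirects answers to a third party (pretexting), and pressure language such as "suspended" or "within 24 hours" (scareware). The following heuristic triage script, an added example that is not part of the original article, parses a raw email and reports which of those traces it finds. The brand allowlist, the two sample messages, and the domains in them are all constructed for illustration; a real deployment would use the organization’s own list of expected senders.

```python
"""Heuristic phishing triage for a raw email message (hypothetical, constructed example)."""
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains that may legitimately send for that brand.
KNOWN_BRANDS = {
    "paypal": {"paypal.com"},
    "examplebank": {"examplebank.com"},
}

# Pressure phrases typical of scareware and urgency-based pretexts.
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours", "suspended", "verify your account")

# Characters attackers substitute to build look-alike (typosquat) domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize_host(host):
    """Undo common homoglyph tricks so 'paypa1' compares equal to 'paypal'."""
    host = host.lower().translate(HOMOGLYPHS)
    return host.replace("rn", "m").replace("vv", "w")


def domain_of(addr_header):
    """Extract the domain part of an address header such as 'Name <user@host>'."""
    _, address = parseaddr(addr_header)
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def impersonated_brand(host):
    """Return the brand a host mimics, or None if it is the real brand or unrelated."""
    norm = normalize_host(host).replace("-", "").replace(".", "")
    for brand, legit in KNOWN_BRANDS.items():
        if host.lower() in legit:
            return None  # genuinely sent from the brand's own domain
        if brand in norm:
            return brand
    return None


def triage(raw):
    """Return a list of findings for a raw RFC 822 message; an empty list means nothing fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_hdr = msg.get("From", "")
    display, _ = parseaddr(from_hdr)
    from_dom = domain_of(from_hdr)
    reply_dom = domain_of(msg.get("Reply-To", ""))

    # 1. Sender domain is a look-alike of a known brand (phishing / spear phishing).
    brand = impersonated_brand(from_dom)
    if brand:
        findings.append(f"from-domain {from_dom} mimics {brand}")
    # 2. Display name claims a brand that the sending domain does not belong to.
    for b, legit in KNOWN_BRANDS.items():
        if b in display.lower().replace(" ", "") and from_dom not in legit:
            findings.append(f"display name '{display}' claims {b} but domain is {from_dom}")
    # 3. Replies are silently redirected to a different domain (pretexting).
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from {from_dom}")

    body = msg.get_body(preferencelist=("plain",))
    text = msg.get("Subject", "") + "\n" + (body.get_content() if body else "")
    # 4. Links whose host mimics a known brand.
    for host in re.findall(r"https?://([^\s/]+)", text):
        b = impersonated_brand(host)
        if b:
            findings.append(f"link host {host} mimics {b}")
    # 5. Urgency language (scareware / pressure to act without thinking).
    hits = [p for p in URGENCY_PHRASES if p in text.lower()]
    if hits:
        findings.append("urgency phrases: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real mail).
PHISH = """\
From: PayPal Support <alerts@paypa1-secure.com>
Reply-To: recovery@mail-collector.example
To: victim@example.org
Subject: Your account is suspended
Content-Type: text/plain; charset="us-ascii"

Your account has been suspended. Verify your account immediately at
https://paypa1-secure.com/login or it will be closed within 24 hours.
"""

LEGIT = """\
From: Example Bank <statements@examplebank.com>
To: customer@example.org
Subject: Your monthly statement is ready
Content-Type: text/plain; charset="us-ascii"

Your statement is available in online banking at https://examplebank.com/.
"""

if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(sample) or ["no findings"])
```

Each heuristic on its own produces false positives (a marketing mail may say "act within 24 hours"; a ticketing system may set a different Reply-To), so the value is in the combination: the constructed phishing sample trips all five checks while the legitimate statement notice trips none. Treat the output as a triage signal for a human or a mail gateway policy, not as a verdict.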
It is essential to be aware of social engineering tactics and to take steps to protect your privacy. This includes being skeptical of unsolicited emails or messages, not sharing personal information over the phone or online, and being wary of unexpected phone calls or visits from people claiming to represent an organization; when in doubt, hang up and call the organization back on a number you already trust. Finally, and most importantly, reduce the amount of personal information about you that is available on the internet, because that information is exactly what attackers use to make a pretext or spear phishing message convincing.