Social engineering is all about making someone do something they should not do. Like the hacker who impersonated an employee
There are weaknesses in every system, and people are no exception. So, let’s look at some of our behavioral patterns and trends that leave us open to attack. Hold on to your faith in humanity, it is about to be tested.
One of the most frequently exploited human weaknesses in social engineering is greed: offer people what they want. You’ve probably encountered emails like this in your spam folder:
This is one of the most common types of phishing attacks. The attacker profits from the victim’s greed. There are hundreds of varieties of such attacks, but they all have one thing in common: the attacker promises the victim a large sum of money in exchange for some basic details, such as name, age and phone number. After insisting on this, the attacker then asks the victim for financial information or even tries to make them pay directly.
Greed is a weakness that makes us all vulnerable. If you thought that such attacks are no longer happening,
The above type of attack is becoming more and more common, given recent data leaks. The attacker claims to hold some very personal information and threatens to leak it if the victim does not pay. After the Ashley Madison hack in 2015, thousands of victims received blackmail emails demanding that they hand over some bitcoins or have their deepest and darkest secrets revealed. It is believed that the attackers made off with hundreds of thousands of dollars.
And then there’s this.
The chat screenshot you see above is the actual conversation between the attacker and his victim from this
Fear can indeed be a powerful tool to wreak havoc in the hands of an attacker.
Let’s take another look at the above image. In particular, the last line:
The attacker demands that the victim act within 48 hours, otherwise their personal data will be leaked. Setting a time limit makes the threat feel very real from the victim’s perspective. If they really believe they must comply right now, they may not act rationally and may yield to demands they otherwise would not.
However, it is not just hackers: companies and marketers actively use a sense of urgency to make you buy something. You have probably seen ads trying to exploit this vulnerability:
“The offer is only valid for the next 24 hours!”
“Call right now to get a 20% discount!”
Make no mistake, this is the same social engineering as in the examples above. Creating urgency often increases the chances of getting the victim to do something they would not have done otherwise.
The most obvious example of exploiting our curiosity is clickbait. You have definitely seen headlines like these:
Top 5 things you need to know about [insert something useless]!
You will not believe what happened next!!
#5 This will blow your mind!
Most people know that a 51-year-old woman can’t just take her face off and become 25, and yet here we are:
They are not trying to be accurate; they are not even trying to give you any value. They have one goal: to do everything they can to make you click. And if the first page of sites like
Now let’s look at the next vulnerability. This one will blow your mind.
We may not think of empathy as a weakness, but even when we are the most humble and kind, there are those who will try to use it. Here is an example for you:
I assure you, the attacker definitely did not write it with tears in his eyes. Again, this type of attack is mainly aimed at the naive, but it can be especially dangerous when something like this appears to come from someone you know. If the attacker takes control of an email account, he can send such emails to everyone in the victim’s contact list.
If you saw that the above email came from someone you know, what would you do? When we see a message from a person we know, we immediately let our guard down. We do not expect our friends or colleagues to try to deceive us. And this gives us another vulnerability that an attacker can exploit.
#7 Respect for authority
Your TV stops working. You call the TV repairman. After a while, someone who looks like a TV repairman appears at your door. How often do people check their TV repairman’s ID? (By the way, this is largely a story
When a person looks and acts a certain way, we automatically begin to form expectations, an image in our minds based on our past experiences. And this gives rise to another form of phishing:
Looks pretty convincing, doesn’t it? There are no obvious red flags: the grammar, the logos, even the unsubscribe link may well seem authentic to the untrained eye. Combined with the fact that most people probably do not know the URL of their local police department’s website, this attack can be quite dangerous.
Almost all social engineering attacks can be defended against as long as we stay vigilant. Every attack above relies on you not looking too closely at something, like the URL in a phishing attack. Even real-world scammers and cheats rely on you being poorly informed, inattentive, and trusting.
Your browser can warn you if a website looks malicious, and your email service can deftly place the most obvious attacks in your spam folder, but in the end you are on your own. It’s up to you to learn how best to protect yourself from everything that the Internet (and beyond) can throw at you.
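As an added example (not part of the original article), here is the kind of automated check a mail filter can run for the cues described above: deadline, greed and fear phrasing, plus links whose real host is unknown or differs from the address shown in the link text. The domain list, phrase patterns and sample message are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient really deals with (constructed values).
KNOWN_DOMAINS = {"police.example.gov", "bank.example.com"}
# Constructed phrase patterns for three of the levers described in the article.
CUES = {
    "urgency": re.compile(r"\b(within|next)\s+\d+\s*(hours?|days?)\b|\bright now\b", re.I),
    "greed": re.compile(r"\b(lottery|inheritance|prize|million)\b", re.I),
    "fear": re.compile(r"\b(leak(ed)?|exposed?|bitcoins?)\b", re.I),
}
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def triage(html_body):
    """Return the pressure cues and link problems found in one message body."""
    findings = [name for name, rx in CUES.items() if rx.search(html_body)]
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        host = host_of(href)
        shown = host_of(text) if URLISH.match(text) else ""
        if shown and shown != host:  # the text shows one site, the link opens another
            findings.append(f"link-text-mismatch:{shown}->{host}")
        if not any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS):
            findings.append(f"unknown-host:{host}")
    return findings
# Constructed sample: police-themed mail with a deadline and a lookalike link.
SAMPLE = ('<p>Unpaid fine. Pay within 48 hours or your data will be leaked.</p>'
          '<a href="http://police-example-gov.payfine.example/pay">police.example.gov/fines</a>')
print(triage(SAMPLE))
```

Keyword patterns like these only catch the most obvious messages; the link checks are the part that does the close look at the URL for you.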
These were the seven deadly sins of social engineering. Knowing your weaknesses, you can better protect yourself from all kinds of social engineering attacks. And now we will learn how to conduct these attacks ourselves. But more about that a little later…