What are common types of social engineering?
Social engineering is used in a variety of scams. Vishing (“voice phishing”) uses social engineering over the phone to run scams, like the ones mentioned above. But it can also be used by criminals for even more elaborate scams—like getting employee log-in credentials or getting insider information about how a business works.
Phishing is an email scam. Spear phishing relies on highly targeted emails that are specifically aimed at potential victims. And smishing uses text messages, perhaps to lure its victims to fraudulent websites or to trick them into sending credit card details over text.
During the holidays, when there is a lot of ecommerce shopping happening, a scammer might replicate a shipping email in which the link to track your shipment activates malware. Since chances are you have made an ecommerce purchase recently, you may be more likely to click on that link.
Baiting is another way that scammers use social engineering. Have you ever come across a USB flash drive or other piece of physical media in a parking lot or at a coffee shop that someone dropped? Now, should we stick something like a mysterious flash drive in our computer? Probably not.
But what if it was labeled “Salaries” or “Personal and Confidential”? Thanks to social engineering, a scammer knows some people just won’t be able to help themselves and they’ll actually plug that flash drive into their computer. And little does the victim know, the flash drive probably contains malware that will infect the host computer and any networks it connects to.
Anyone can be a victim of social engineering, too. Even executives. In fact, there’s even a term for social engineering that’s aimed at CEOs, CFOs and other high-profile employees: “Whaling.”