Common Social Engineering Attacks
Trojan Horse Attacks
Trojan horse attacks involve a type of malicious code or software that looks legitimate and trustworthy, and is designed to trick you into loading it and executing it on your computer. Its purpose is to take control of your computer and damage, disrupt, steal, or inflict some other harmful action.
Watering Hole Attacks
Watering hole attacks happen when attackers research the legitimate and trusted websites that individuals in an organisation often visit. They then look for vulnerabilities in those sites and inject script that redirects visitors to another, malicious site. When the target is redirected to that malicious site, where malware is hosted, the compromised website is able to infect the target and deliver a large amount of information to the attackers. The attack can also be used to monitor and spy on the organisation and its activities.
Phone phishing, as the name implies, uses the phone: calls seeking sensitive information are disguised as technical support or customer service calls from banks, the government, friends and so on. These scams aim either to obtain confidential information or to get people to download malicious software to their computer that can be used to steal information.
Social Engineering Attacks
As you can see, attackers use various means to launch social engineering attacks. They include emails, voice calls or IVR, SMS or other social media messaging, untrusted websites with enticing offers that require clicking a link or registering with personal information, and even techniques the victim may be unaware of, all to entice the victim into divulging sensitive information.
According to the APWG 2018 Phishing Activity Trends Report:
There was a 46 percent increase in unique phishing sites identified between Q4 2017 and Q1 2018.
Online payment services were most heavily targeted during the beginning of 2018, followed by SaaS and webmail providers, financial institutions, and file hosting and cloud storage services.
By Q2 2018, more than a third of all phishing attacks were on websites using HTTPS.
How Phishing Attacks Happen
Phishing attacks are usually conducted through emails, legitimate-looking messages on websites and social media networks, fake phone calls, instant messages, and malicious and rogue applications. They are a more general, exploratory, less targeted type of attack.
Why Phishing Occurs
Phishing is by far the most popular social engineering attack. It tricks the victim into divulging personal or sensitive information, as the sender masquerades as an official, authorised or trusted sender. Phishing emails contain tricky and sometimes personalised messages asking you to click on a link or divulge sensitive information. Phishing is random, casting a wide net in the hope that a few people will bite, with the sole goal of obtaining that sensitive information.