Types of Social Engineering Fraud
Social Phishing
This remains the most popular form of social engineering attackers use. Social phishing aims to obtain confidential information, such as passwords, usernames and social security numbers. To achieve this, attackers send phishing emails that include shortened links to malicious sites that host phishing algorithms. These emails also commonly incorporate a sense of urgency, fear or threats.
Pretexting
Unlike phishing, which relies on fear, threats and urgency, pretexting involves building false trust to trick people into giving up confidential information. The attacker may impersonate agents, officials, IT personnel or anyone else they need to be in order to convince you to provide login details, a social security number and other details.
Baiting and Quid Pro Quo
Baiting is similar to social phishing, but the attacker offers a good or item as an incentive for people to give up information or click on compromised links. In baiting, attackers may promise free music, streams or even physical items. Quid pro quo is similar to baiting, except that it uses services in place of goods.
Tailgating
This form of social engineering involves following company workers or posing as one to gain access to a building or office. It is less common in well-established firms but poses a significant threat for small and medium-sized businesses. Attackers can strike up conversations to build trust with employees and use the show of familiarity later on to access confidential data or areas.
Summary
Technology companies and those in the communications industry face computer fraud on a day-to-day basis through social engineering. While there is a lot you can do to mitigate or transfer these risks, you should also consider purchasing an insurance policy that protects your business from financial disruption and pays for the resulting costs and damages. Each category above has subgroups, so social engineering can take many forms.