An image of a letter being caught by a fishing pole with the text "Gone Phishing"
What is Social Engineering?
Social engineering is a set of techniques for manipulating individuals into disclosing confidential information by exploiting human frailties such as trust, fear, or curiosity. In contrast to traditional hacking methods, which attack technological weaknesses, social engineering targets psychological traits. Using these tactics, attackers manipulate victims into willingly releasing sensitive data such as passwords, bank details, or even corporate system access. A social engineering attack, in short, manipulates human psychology to steal sensitive information. For example, one of the easiest forms of this type of attack is an email that appears to come from a person you trust, asking you to click on a link to "protect" your account by providing your login information. This is called phishing, and it is among the most common types of social engineering attacks.
Types of Social Engineering Attacks
Phishing: Attacks in which malicious communications, usually emails, are made to appear legitimate in order to hook the user into giving up sensitive information via a fake website. Phishing tends to propagate because the contact lists of compromised accounts become the next potential victims.
Here is an example of a phishing email and its indicators
Image original link: https://www.justinc.com/blog/how-to-spot-a-phishing-email/
Pretexting: In this social engineering attack, an attacker concocts a story to trick victims into sharing sensitive information. For example, a hacker may impersonate a member of your company's IT support and ask for secret information that is supposedly needed for troubleshooting.
Quid Pro Quo: The attacker offers something in return for sensitive information. For example, an attacker might pose as an IT expert offering free software in return for login credentials.
Baiting: Attackers offer something tempting, such as a free download or prize, to lure victims into sharing information or downloading malware. An example is an email stating that you have won a free iPhone and just have to click a link to claim it.
Smishing: A form of social engineering attack that involves sending SMS messages to the victim in an attempt to get them to click on links to harmful sites, which may prompt them to install malware or to enter sensitive information such as passwords, credit card numbers, or personally identifiable information. Smishing attacks have recently grown rampant with the increased use of mobile devices; users are not as wary of text message scams as they are of email phishing.
Here are examples of smishing messages and their indicators
Image original link: https://www.wallarm.com/what/smishing-attack-what-is-it
Tailgating/Piggybacking: A form of physical security breach in which an attacker gains unauthorized access to a facility by following an authorized person inside, often when the door is held open for them. Attackers may disguise themselves as employees or delivery personnel to gain access. Once inside, they can steal information or devices, or plant malware.
Watering Hole Attack: A form of cyberattack in which attackers compromise websites that a targeted group frequents and infect the group's members with malware. The ultimate goal is to leverage users' devices to gain access to a corporate network or steal sensitive data. This sort of attack is hard to prevent because it targets legitimate sites and involves highly sophisticated zero-day exploits that bypass antivirus.
Scareware: A method of social engineering that misleads users into installing malicious applications, either by scaring them or by creating urgency through pop-up advertisements or spam emails. The alert message says that the system is infected and offers a solution, which actually installs malware to steal personal data or money from the victim.
Here is an example of scareware and its indicators
Image original link: https://www.wallarm.com/what/what-is-scareware-malware-removal-and-protection
How to Prevent Social Engineering Attacks
While it’s difficult to eliminate the risk of social engineering, there are steps you can take to protect yourself:
Be Skeptical: Always be cautious when you receive unsolicited communications, especially those asking for sensitive information. If something seems off, verify the request through official channels.
Educate Yourself and Others: Familiarize yourself with the different types of social engineering tactics. Awareness is key to recognizing suspicious activity.
Use Strong, Unique Passwords: Avoid using the same password across multiple platforms. Strong, unique passwords make it harder for attackers to gain access to multiple accounts at once.
Enable Two-Factor Authentication (2FA): This adds an extra layer of security. Even if an attacker obtains your password, they will still need access to a second form of verification, such as your phone.
Verify Before Acting: If you're contacted by someone claiming to be from your bank, employer, or service provider, always verify their identity before providing any personal details.
Conclusion
Social engineering attacks are based on the manipulation of human psychology to breach security systems. With the increase in digital communication, the sophistication and prevalence of such attacks have also increased. Understanding the tactics used in social engineering, staying vigilant, and taking preventative measures will go a long way in reducing your risk of falling victim to these types of cybercrimes. Be informed, be careful, and safeguard your personal information online.
Note: Leveraged AI to assist in structuring the document and generating certain sentences and phrases to be more understandable and meaningful.