In the era of rampant cybercrimes where newer techniques evolve each day, ‘social engineering’ is not a term unheard of. So, what is Social Engineering? Is it a new branch of engineering that your college is not offering? Well, no! It has nothing to do with engineering AT ALL!! It is a technique used by cyber criminals to defraud innocent victims. Here’s all that you need to know about social engineering attack techniques. Also, some handy tips to avoid being a social engineering victim.
What is Social Engineering?
Social Engineering is the trending technique for trapping gullible individuals into divulging their personal information. It is rightly called ‘social engineering’ as it exploits a person’s natural tendency to trust another individual. Social Engineering is more of an art! Know why? Because it requires a certain mastery to manipulate people into entrusting another individual, usually a stranger, with personal information.
Miscreants find it easier to employ social engineering to gain personal information than use traditional techniques such as hacking. Social engineering attack techniques vary as per the final objectives of miscreants. Some may seek information such as passwords and financial details to cheat victims of money. Likewise, some use this technique to gain access to the victim’s computer to covertly install malicious software. This enables them to gain control over their systems and access their personal information.
The Crux of Social Engineering Attacks
Trust is crucial for an individual’s security – in the physical and emotional space as well as cyber space! Not knowing when and whom to trust is the trait that cyber criminals look for in a potential social engineering victim. Social engineering attacks exploit the gullibility of individuals into trusting online communication or information.
With the colossal upsurge in fake websites and spam emails, it is important that you know what and whom to trust in the digital space. Be cognizant of the legitimacy of online information. DO NOT accept any information or person at face value. This is the biggest weakness that ‘social engineers’ exploit to trap victims!
Some Common Social Engineering Attack Techniques
Unscrupulous agents use different forms of social engineering attack techniques based on the gullibility of the target victim. The social engineering attack lifecycle consists of 4 basic steps – Investigation, Deception, Play and then Exit.

Even a small point of human interaction is enough to execute a social engineering attack. The following sections shall enlighten you on the tips to avoid being a social engineering victim. But, before that, here are some common social engineering attack techniques.
1. Baiting
This technique exploits the victim’s tendency to react to a bait that attracts his/her greed or curiosity. Miscreants lure victims into a trap with the intention of stealing their personal information or infecting their systems with malware. It is possible to execute baiting in both the physical as well as cyber space.
Example:
(a) Baiting in the Physical Space
A typical example of such social engineering attacks involves using malware-infected flash drives as the bait. Social engineers usually leave them in a place where a victim is most likely to notice them. This includes places such as elevators, parking lots and bathrooms. Most times, the bait looks quite enticing and may have a label denoting ‘bonus’ or ‘confidential’ stuck on it.
Usually, the victim picks up the flash drive out of curiosity and inserts it into his/her personal or corporate system. Voila! Mission accomplished!! The infected flash drive does its work of installing malicious software in the system.
(b) Baiting in the Cyber Space
In the cyber space, perpetrators deploy such social engineering attack techniques on peer-to-peer sites offering movie and/or music downloads. Furthermore, they may also deploy baits on social networking platforms and malicious/fake websites that entice an individual through ads. Such ads then lead to malicious websites that persuade the victim to download malicious software. The malicious software could be malware or a virus that enables the cyber criminals to access the victim’s sensitive data.
2. Phishing
Phishing is one of the most common social engineering attack techniques. In this, the fraudster uses online communications such as email or SMS to gain the victim’s trust. The email/SMS campaigns are so crafted that they look strikingly legitimate and evoke a sense of curiosity, urgency or fear. This encourages the victim to respond by divulging sensitive information, opening attachments containing malicious software, or clicking on malicious links.
Example:
A common phishing mail is when users of an online service receive a notification citing ‘unusual login activity’. Or, an email alert citing temporary suspension of the account due to an error. The email contains a link which leads to a malicious website meant for stealing the victim’s credentials.

Source: http://www.phishing.org/phishing-examples

Source: https://www.edts.com/edts-blog/15-examples-of-phishing-emails-from-2016-2017
3. Scareware
As the name itself suggests, scareware is a social engineering technique wherein perpetrators use false threats and bogus alarms to cheat victims. Also known as fraudware, rogue scanner software and deception software, it prompts the victim to install bogus software citing a malware infection. The software installed may itself be malware or may enable the perpetrators to obtain the user’s confidential details. Scareware is often distributed through spam emails containing bogus warnings or offers.
Example:
The user receives a pop-up informing him/her of a malicious spyware infection to their computer. The pop-ups look pretty legitimate thus leaving no scope for doubts. It urges the victim to install a corrective tool (usually containing malware) or leads him/her to a malicious site.

Source: https://www.maketecheasier.com/the-scareware-scam/
4. Pretexting
Pretexting is a social engineering technique that uses an interesting ploy to deceive victims. Once the perpetrator gains the victim’s trust, making the latter disclose sensitive information becomes a cakewalk. Did you know that successful pretexting attacks have tripled since 2017?
Following are some common pretexts for deceiving victims into divulging their personal information:
- Urgent call for help citing a friend or kin robbed, injured or hospitalized in some other country.
- Fund-raising donation for a natural disaster, political campaign or charity to play on the victim’s generosity and humanity.
- Present an issue that requires the victim to verify his/her information by clicking on the link provided or filling an online form.
- Notifying of a lottery or contest win that requires the victim to enter their financial details.
- Posing as a co-worker or boss to demand personal or financial information.
Example:
The victim receives an email declaring him/her as the winner of a sweepstake that promises an attractive sum of money. The sender of the email then asks the victim to call a particular number or click on the link provided. The victim’s greed for the lottery win often lures him/her to disclose sensitive bank details to the conman.

Source: http://www.euromillions.co/lottery-scams/
5. Quid Pro Quo
In this social engineering technique, miscreants lure victims with favors or benefits in exchange for something, usually information. Remember that if the offer sounds too good to be true, it might be nothing more than a trap!
Example:
The perpetrator impersonates an IT support technician and calls the target victim. He assures the victim of a quick technical fix. Innocent victims end up sharing their login credentials with the caller in the hope of genuine technical support. This enables the fraudsters to have access to the victim’s computer to install malware or extract personal information.
Tips to Avoid Being a Social Engineering Victim
Social engineering attacks are now prevalent everywhere – online and offline. The best defense against social engineering attacks is education and awareness. By now, you must have a fair idea of the common social engineering attack techniques. So, keep these tips to avoid being a social engineering victim handy!
1. Be Slow & Steady
If you receive an unsolicited call, SMS or email that evokes a sense of urgency or panic, be cautious. This is what social engineers want! That you act promptly and think later.
2. Do Your Homework
Do not take anything at face value, especially if it seems too good to be true! Do thorough background research when you receive unsolicited emails/messages promising huge and often, unrealistic benefits. Spam emails often look like they are sent by a reputed company. Check the company’s official website and if required, call them and verify the authenticity of the mail.
3. Abstain from Clicking Links
Wherever possible, avoid clicking on suspicious links in pop-up notifications or emails. It is better that you visit the website yourself through a search engine. When you hover on a link in an email, you can see the actual URL at the bottom. Use this technique before clicking on random links.
4. Download Wisely
Refrain from downloading files at random. Some pop-ups or spam emails may urge you to download anti-virus software or some other tool for your system. By doing this, you may yourself be downloading malicious software onto your system.
5. Be Cautious of Foreign Offers
Individuals often react with greater greed and curiosity when a lottery/sweepstakes win comes from a foreign organization. Be cautious of any request involving the transfer of funds from a foreign country or an international sweepstake.
How to Protect Yourself from Social Engineering Attacks?
Protecting yourself from social engineering attacks is not rocket science. It just requires a little bit of awareness, cautiousness, and watchfulness. To summarize, here’s how you avoid being a social engineering victim.
- Delete requests for banking details or passwords immediately.
- Do not entertain email/call/SMS requests for charity or offers of help.
- Deploy adequate spam filters for your emails and set them to ‘high’.
- Secure your computing and mobile devices with adequate firewalls, email filters, and genuine anti-virus software.
- Avoid picking up and using unclaimed USB devices on your computer.
Incognito Forensic Foundation (IFF Lab) – Your Awareness & Diagnostic Partner
Incognito Forensic Foundation (IFF Lab) is a private digital and cyber forensics lab in Bangalore. Equipped with state-of-the-art digital forensics tools, a sound team of cyber forensic experts forms the core of IFF Lab. It provides services for investigation of cybercrimes as well as awareness and training programs for law enforcement agencies, educational institutions, corporate bodies and other public and private organizations.
Contact us for Awareness Programs and Investigation Services.