Social Engineering Attacks

Social engineering attacks encompass malicious activities accomplished through human interactions. They rely on psychological manipulation to trick users into making security mistakes or disclosing sensitive information.^[1]

Common Types

Baiting uses a false promise to arouse victims’ greed or curiosity to lure them into a trap for gathering their personal information or installing malware.
Scareware inundates victims with false alarms about threats.
Pretexting involves impersonating a person in a position of authority or familiarity and asking questions to confirm the victims’ identity.
Phishing scams prod victims to reveal sensitive information, click on a link to a malicious website, or open an attachment that contains malware.^[2]

Famous Cases

In October 2020, Kevin Mitnick wrote a blog post about the best-known attacks over the previous decade to remind his readers to be more careful.^[3] His list included:

2013 Target Third-Party Breach (Phishing) ^[4]
2020 Twitter Bitcoin Scam (Pretexting, Baiting) ^[5]
2014 North Korea attack on Sony Pictures (Phishing)^[6]
2016 US Presidential Election Email Leak (scareware, spearphishing) ^[7]
2013 Yahoo Customer Account Breach (phishing email)^[8]

References

[1] Raising Security Awareness, ICANN Blog

[2] About Social Engineering, Imperva

[3] Top Five Social Engineering Attacks, Mitnick Security Blog

[4] Target Email Attack, Krebs on Security

[5] Twitter Bitcoin Scam, Mitnick Security Blog

[6] Sony Hack, Washington Post

[7] 2016 Pres Campaign Hacking, CNN

[8] Yahoo Hack, NY Times

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]