Social Engineering
Social engineering in phishing is the art of manipulating people rather than breaking technology. Attackers craft believable stories, emails, calls, or chat messages that exploit emotions (fear, helpfulness, curiosity, urgency) and real-world context to lure the recipients of a message.
Now, read the content of the previous email you had opened. We can spot multiple social engineering techniques:
- Impersonation: A common social engineering technique. Here, the attacker is pretending to be McSkidy!
- Sense of urgency: We can observe words such as "urgent" and "immediately" used to pressure the recipient.
- Side channel: The attacker tries to discourage the recipients from reaching McSkidy using his standard communication channels (phone and email address).
- Malicious intention: The attacker is trying to trick the user into giving VPN credentials. Attackers can also ask the recipient to approve payments, open malware, or share sensitive data.
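The four indicators listed above can be turned into a simple triage check for a mail gateway or a reporting mailbox. The following is an added example, not part of the original exercise; the organisation domain, the protected display name list, the keyword patterns and both sample emails are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: the organisation's mail domain and the display names to protect.
ORG_DOMAIN = "example.org"
PROTECTED_NAMES = {"mcskidy"}

URGENCY = re.compile(r"\b(urgent(ly)?|immediately|right away|asap)\b", re.I)
SIDE_CHANNEL = re.compile(
    r"\b(do not|don't|cannot|can't|unable to)\b[^.]{0,60}\b(call|phone|email|reply)\b", re.I)
SENSITIVE_ASK = re.compile(
    r"\b(credentials?|passwords?|login)\b|\bapprove\b[^.]{0,40}\bpayment\b", re.I)

def indicators(raw: str) -> list[str]:
    """Return the social engineering indicators found in one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    found = []
    # Impersonation: a protected display name on an address outside the org.
    domain = addr.rpartition("@")[2].lower()
    if name.strip().lower() in PROTECTED_NAMES and domain != ORG_DOMAIN:
        found.append("impersonation")
    if URGENCY.search(text):
        found.append("urgency")
    # Side channel: the sender steers the recipient away from phone or email.
    if SIDE_CHANNEL.search(text):
        found.append("side_channel")
    if SENSITIVE_ASK.search(text):
        found.append("sensitive_request")
    return found

# Constructed sample messages (not the email from the exercise).
SUSPICIOUS = """From: McSkidy <mcskidy.office@example.net>
Subject: URGENT: VPN access

I am locked out and need your VPN credentials immediately.
I am in meetings all day, so do not call my phone or use my usual email.
"""

BENIGN = """From: McSkidy <mcskidy@example.org>
Subject: Team lunch

Lunch is at noon on Friday. See you there.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, indicators(raw))
```

Keyword matching like this is a triage aid: it produces false positives on legitimate urgent mail and misses reworded lures, so flagged messages still need human review.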
Social engineering also refers to manipulating a user into making a mistake.
Examples of such mistakes include:
- sharing a password
- opening a malicious file
- approving a payment
The term "social" means that the target of such an attack is human beings, not computer systems.
Consequently, the attacker relies on psychological tricks to get the target user to cooperate. Some psychological factors that can play a key role in the success of such attacks are urgency, curiosity, and authority. This is why some would refer to social engineering as "human hacking".