Social engineering can reach you over any means of communication you have available, but in general it comes either by phone or by e-mail.
Imagine an attacker needing to get access to your IT systems. A common technique is phishing with the help of some social engineering.
Difference between social engineering and phishing
Social engineering is the technique used to obtain information that can subsequently be used to attack a target with phishing.
Imagine one of the higher placed people in the company is known to have sailing as a pastime. This can be learned, for example, through social engineering or by observing that person’s social media postings. Most people don’t realize the power of combining all available sources of information. One day this manager receives an e-mail in his inbox with an offer for a 2nd hand sailing boat in the category he sails in. Cheap but not unreasonable price, beautiful pictures in the mail, and a link to click on to see more details and allow for a potential purchase.
This link _looks_ like it’s pointing to a well-known auction site, like www.ebay.com or the local version.
In an HTML e-mail, the text displayed on the screen for a clickable link is not necessarily the same as the URL that is linked ‘behind it’.
It’s therefore very well possible to have a blue link in an e-mail that says:
https://www.ebay.com/search?my_auction=22114455876
in the e-mail, but that points to:
https://ourblackhathackers.dyndnsremotecam.ru/link.to.nasty.virus
If you ‘hover over’ the link with your mouse you’ll in general see both versions. In 99.9% of the cases both values are the same, but in phishing situations the difference can be used to obfuscate a destination. If your ‘hovering over’ shows that there are two different links, you should not visit the target link.
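The same ‘hover over’ check can be automated on the mail gateway or in a mailbox scan. The following is an added example, not part of the original post: it parses the HTML body of a message and reports every link whose displayed text is a URL on a different host than the one it really points to. The names `host_of`, `LinkAuditor` and `find_mismatched_links` are illustrative, and the sample message is constructed from the two URLs above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body, built from the two URLs used in the text.
SAMPLE_HTML = (
    '<p>See <a href="https://ourblackhathackers.dyndnsremotecam.ru/link.to.nasty.virus">'
    'https://www.ebay.com/search?my_auction=22114455876</a> or our '
    '<a href="https://www.ebay.com/help">help page</a>.</p>'
)

def host_of(text):
    """Return the lower-cased hostname if text looks like a URL, else None."""
    text = text.strip()
    if "://" not in text and text.lower().startswith("www."):
        text = "http://" + text   # bare "www.example.com" link text
    try:
        host = urlsplit(text).hostname if "://" in text else None
    except ValueError:            # malformed URL
        return None
    return host.lower().rstrip(".") if host else None

class LinkAuditor(HTMLParser):
    """Records anchors whose displayed host differs from the href host."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            shown_host = host_of(shown)
            # Only link text that itself looks like a URL can mislead this way.
            if shown_host and shown_host != host_of(self.href):
                self.mismatches.append((shown, self.href))
            self.href = None

def find_mismatched_links(html):
    """Return [(displayed_text, real_href), ...] for suspicious anchors."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.mismatches
```

Calling `find_mismatched_links(SAMPLE_HTML)` returns only the first link; the ‘help page’ link is ignored because its text is not a URL. The comparison is on exact host names, so it does not catch a look-alike domain that is shown and linked consistently.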