Emerging Social Engineering Schemes

Learn more about common and emerging social engineering schemes to protect your business.

Cyber criminals often use human psychology and the art of manipulation to scare, confuse or rush you into opening a malicious link or attachment or into providing personal information through a process known as "social engineering." Below are common and emerging social engineering schemes to be aware of to protect you and your business.

Common Social Engineering Schemes

Be aware of the various tactics used by attackers, including:

  • Phishing: Fraudulent emails prompting recipients to engage with harmful links or attachments.

  • Smishing: Deceptive text or instant messages designed to distribute malware or gather personal data.

  • Business Email Compromise (BEC): Targeted email attacks masquerading as legitimate communications from trusted sources, often directing victims towards fraudulent transactions.

  • Vishing: Phone-based scams aimed at extracting sensitive information directly from the target.

  • Impersonation: Attackers may impersonate company employees or trusted individuals to gain access to restricted areas or information.

  • Tailgating: An in-person strategy where attackers seek unauthorized physical access to company premises or secure areas.

Emerging Social Engineering Schemes

  • Social Media Deception: Attackers create fake profiles or hack into existing ones to send malicious links, scam messages, or to gather personal information about targets. They exploit the trust and openness inherent in social networks.

  • Deepfakes: The use of AI-generated audio or video clips that convincingly mimic real people saying or doing things they never actually said or did. These can be used to create fraudulent communications that appear to come from trusted individuals, manipulating viewers into taking harmful actions or believing false information.

  • Baiting: Similar to phishing, baiting involves offering something enticing to the target, such as a free download of software or a movie. However, the download contains malicious software.

  • Pretexting: The attacker creates a fabricated scenario or pretext to engage a target in a manner that leads to information disclosure or a security breach. This often involves elaborate stories that require a target’s assistance or verification of information that the attacker then uses for malicious purposes.

  • Quid Pro Quo: A type of bait where the attacker promises a benefit in exchange for information. This benefit could be a service, such as fixing a computer problem, that requires the target to disable security software or grant remote access to their system.

  • Spear Phishing: A more targeted form of phishing where the attacker has done their homework and sends personalized messages to a specific individual or organization. This can be much more convincing than generic phishing attempts.

  • Water Holing: Compromising a website frequented by the target group to distribute malware or launch attacks.

  • Reverse Social Engineering: Creating a problem or vulnerability and then advertising oneself as a solution to trick the victim into seeking help, granting the attacker access.

  • Honeytrap: Creating a fake persona to form a relationship with the target to extract sensitive information or gain network access.

  • Rogue Software: Attackers trick users into believing they are installing or updating legitimate software, but it is actually malware. This often comes in the form of fake antivirus software that alerts the user to nonexistent threats.