what are 10 social engineering attacks
Answers
Answer:
Explanation:
1.Phishing
Phishing refers to a malicious link sent via email, messaging or social media that tricks users into providing sensitive information or unleash a virus on their computer. They often claim to be a known contact, such as a reputable business or individual, and may even look legitimate with logos and official or friendly language. Some of the worst look like court notices, IRS refunds, job postings and package tracking. Phishing scams work because they pose a threat unless the user acts immediately.
2.Spear Phishing
Spear phishing is a more focused kind of phishing. It works because attackers have specific targets. Business executives and government agencies are prime victims of this more sophisticated phishing method not only because is their data high-security, but they are more likely to have a strong, researchable online presence that allows attackers to find vulnerabilities.
3.Whaling
Another variant of phishing, whaling refers to “big prize” targets that have “big prize” information to steal, like business executives and government agencies. Attackers may send emails reporting false concerns based on available information online to gain confidential information.
4.Watering Hole
Once a target audience has been identified, attackers can infiltrate a trusted webpage frequented by their targets and take advantage of weaknesses in the code. Their main goal is to force hyperlinks to redirect users to malicious websites designed to either release a virus or gather user information by imitating a legitimate page asking for personal information.
5.Ransomware
Some attackers want money over information. These popular scams typically send a fake system alert that scares users into clicking it, releasing a virus that encrypts all their data. Then, they offer to unlock it in exchange for the ransom. Never pay money if ransomware has compromised your system; this type of scam works because it reinforces the deal, and future victims will know that paying the money will indeed release their data. Instead, consult a local professional and help limit this kind of attacks.
6.Pretexting
Pretexting obtains personal information by creating a false pretext or scenario that builds trust in the victim so the attacker can exploit that trust to acquire desired information. With the help of social media, attackers can use knowledge about the individual to engage with them and further gain their confidence.
7.Baiting
The promise of something good can be just as influential as fear or a threat. A tangible item or prize like a free music or movie download can be all it takes for malicious code to enter a victim’s computer. “Bait” isn’t limited to software—physical media like give-away USBs can also hold malware.
8.Quid Pro Quo
Similar to baiting, quid pro quo offers a benefit or service in exchange for information or access. A common tactic is for a hacker to impersonate an IT worker asking a user to deactivate their anti-virus software so that they can install an update when, in reality, they are installing malware.
9.Social Media
With so much personal information floating around via social media, hackers can find easy ways to attract targets with a little research. Personal information and interests can all be adapted to hack user passwords or steal an identity. User-targeted ads and comments that lead to malicious sites are other frequent methods of attack.
10.Tailgating
Outside of the digital realm, social engineers sneak into unauthorized locations using psychology to steal information as well, also known as “piggybacking.” Often, offices are compromised by attackers posing as couriers, package deliverers or caretakers to gain access to a restricted area. They can ask for help getting through the door with their hands full or strike up a conversation with an employee and feign familiarity to get through doors by relying on others’ desire to be nice or friendly.
Answer:
upper answer is correct
hope it's useful for you