Social engineering is a set of techniques used by cybercriminals to trick unsuspecting users into sending them sensitive data, infecting their computers with malware or opening links to infected sites. In addition, hackers may try to take advantage of a user’s lack of knowledge; due to the speed at which technology is advancing, many consumers and workers are unaware of the real value of personal data and are unsure of the best way to protect this information.
Life Cycle of a Social Engineering Cyber Attack
- Information collection: This phase is also known as footprinting. The cybercriminal accumulates as much information as possible about the person or people to be deceived in order to learn about their interactions and relationships. This is a pre-deception phase and the following information is gathered:
  - List of employees, telephone numbers, mailing addresses, etc.
  - Company organization chart
  - Names of departments, cabinets and work teams
  - Technology service providers, material suppliers and other types of suppliers such as banks, etc.
  - Physical location
- Establishment of a relationship of trust: Once the information has been gathered, the attacker will establish a closer relationship with the victim.
- Manipulation: The cybercriminal will perform psychological manipulation by taking advantage of the trust gained in the previous phase. The objective will be to extract all kinds of confidential information that will be used to break into the system. Another objective is to get the victim to perform a certain action.
- Exit: Once the information has been extracted, the attacker will do everything in his/her power to prevent any kind of suspicion from falling on him/her. To do so, he/she will make sure not to leave any evidence that could be linked back to him/her. In this way, he/she will be able to continue to enter the system in the future to continue exploiting his/her source of information.