How to Exploit Social Media by Contemporary Social Engineering Tactics?

Social engineering is all over the virtual world. Even the spam calls that you receive can be a part of social engineering. You might be unaware of the fact and what you do is end up sharing your crucial details to the person on the other side. The other person who has been successful in collecting your data abuses them, and you might get trapped in a ransom scenario. There are a lot of social engineering tactics implemented to extract data from the target of which the most common is the phishing method.

Phishing is the widely used technique (definitely a part of social engineering) and is mostly associated with the emails. As contemporary people delve much deeper into the social media zones and spend most of their time there, phishing in social media is on the rise. It is one of the most favorite hunting grounds for the scammers, as stated by Elliot Volkman from the PhishLabs. 

Social media presents a large number of similar issues faced by emails, viz., credential theft, impersonation, and related scams. Besides, it also facilitates the intelligence gathering for the attacks targeted. Adding to this, the attackers can interact with the different accounts in the bid to confuse the users rather than just being restricted to one-on-one conversations.

Elliot explains that as phishing is the malevolent usage of social engineering, impersonation acts as the key player in the success of a cyber attack. Furthermore, he states that by posing as someone (disguising to be a real user/identity) having any kind of authority, it is comparatively easier to cause damage to that person or the brand associated with them. It is quite a little effort to trick the users into taking the specific action. For instance, one of the most prominent examples can be considered as the time when any celebrity tweets something through his or her account, a threat actor takes the complete opportunity to reply to the tweet, posing as that user and mentioning that they are giving away Bitcoins for free. But in reality, they are not doing as mentioned.

Elliot has also pointed out that the attackers do not stick to one particular social engineering tactic but shifts them from time to time depending on the need of the market. This is done to target the humongous potential victims. For example, if you own an organization, as a brand, you must possess profiles on the largest networks for promotion. But that is not the case with your employees and customers. The more comprehensive and engaged in a digital platform, the higher is the likelihood that the threat actors will strive to abuse it. 

One of the advantages of the increased connectivity through social media is that the users can bind together to call out the scams when they detect it. All the organizations can get benefitted from providing contemporary security awareness training to their employees for a better defensive method against all sorts of attacks through social engineering.

Report this Page