6 of the most effective social engineering techniques

Social engineering is the strongest method of attack against the enterprise’s weakest vulnerability, its people. Criminal hackers recognize this fact. In 2015, social engineering became the No. 1 method of attack, according to Proofpoint’s 2016 Human Factor Report.

These successful social engineering methods often use phishing and malware. But deceptive information assailants have more tools and approaches to draw on than these.

That’s why CSO covers six of the most effective social engineering techniques that attackers use both on and off the internet, providing insights into how each one works, what it accomplishes, and the technologies, methods, and policies for detecting and responding to social saboteurs and keeping them at bay.

Technique one: Enabling macros. Cybercrooks are using social engineering to trick organizational users into enabling macros so that macro malware will work. In attacks on Ukrainian critical infrastructure, bogus dialogue boxes appearing in Microsoft Office documents told users to enable macros to properly display content created in a more recent version of the Microsoft product.

The crooks wrote the dialogue text in Russian and made the dialogue image appear to come from Microsoft. When users complied and turned macros on, the document’s malware infected user machines. “This phishing tactic used an interesting social engineering twist to account for the fact that most users have macros turned off,” says Phil Neray, vice president of Industrial Cybersecurity at CyberX.
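A defensive check for the lure described above, as an added example that is not from the article or CSO: it flags OOXML attachments that carry a VBA project and, where the lure is text, phrases asking the reader to enable macros. The phrase list, verdict labels and sample documents are constructed assumptions; a lure rendered as an image, as in the case above, produces only the `review` verdict because there is no text to match.

```python
import io
import re
import zipfile

# Constructed English lure phrases (assumption); tune per language in practice.
LURES = [re.compile(p, re.I) for p in (
    r"enable\s+(macros|content|editing)",
    r"created\s+in\s+a\s+(newer|more\s+recent)\s+version",
)]
TEXT_PARTS = ("word/document.xml", "xl/sharedStrings.xml")

def inspect_ooxml(data: bytes) -> dict:
    """Report whether an OOXML file carries a VBA project and lure text."""
    result = {"has_vba": False, "lures": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # legacy OLE2 or non-Office input: out of scope here
    with archive:
        names = archive.namelist()
        result["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        for part in (p for p in TEXT_PARTS if p in names):
            raw = archive.read(part).decode("utf-8", "replace")
            text = re.sub(r"<[^>]+>", " ", raw)  # drop tags, keep visible text
            for pat in LURES:
                match = pat.search(text)
                if match:
                    result["lures"].append(match.group(0))
    return result

def verdict(data: bytes) -> str:
    """Map findings to a mail-gateway style action (hypothetical labels)."""
    found = inspect_ooxml(data)
    if found["has_vba"] and found["lures"]:
        return "quarantine"
    return "review" if found["has_vba"] else "pass"

def build_sample(with_vba: bool, body: str) -> bytes:
    """Constructed minimal OOXML-like zip, built in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", f"<w:document><w:t>{body}</w:t></w:document>")
        if with_vba:
            z.writestr("word/vbaProject.bin", b"placeholder, no macro code")
    return buf.getvalue()

if __name__ == "__main__":
    lure = "Enable macros to view content created in a more recent version"
    print(verdict(build_sample(True, lure)))
```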

Technique two: Sextortion. In attacks called catphishing, cyber criminals pose as potential lovers to lure victims into sharing compromising videos and photos, then blackmail them. “These traps have evolved to target the enterprise,” says James Maude, senior security engineer at Avecto.
