Kaspersky: Understand The Most Common Social Engineering Tricks
Illustration of social engineering (photo: Kaspersky)

JAKARTA - A recent report from Kaspersky discusses several social engineering tricks commonly used by cybercriminals to attack companies, ranging from calls and emails claiming to be from technical support, to business email compromise attacks, to data requests from fake law enforcement agencies.

The following is an overview of the kinds of social engineering identified by Kaspersky.

Claiming to be from technical support

The classic social engineering scheme is a call to company employees from "technical support". For example, hackers may call you and claim to be from a technical support service that has detected strange activity on work computers. Then, they will offer to solve the issue remotely using the employee's login credentials. At this point you should increase your vigilance.

Just a simple confirmation

This technique starts with cybercriminals obtaining the personal login details of one of the company's contractors from the dark web. However, to gain access to the company's internal systems, there is still the minor problem of getting past multifactor authentication. From there, hackers spam the contractor with authentication requests, then send the contractor a message on WhatsApp under the guise of technical support, saying that "in order to stop the spam flow, only a few confirmations are needed."

Calls from CEOs in need of urgent funds

The next classic scheme is a type of attack called business email compromise (BEC). The idea behind it is to start a correspondence with company employees, usually posing as an important manager or business partner. The goal is for victims to transfer money to accounts specified by the fraudsters.

Conversation hijacking

This conversation hijacking scheme allows attackers to insert themselves into existing business correspondence by posing as one of the participants. Generally, all the attackers need is to obtain a genuine email and create a similar domain. To carry out this type of attack, cybercriminals often buy a stolen or leaked email correspondence database on the dark web.

The attack scenario can vary, and phishing or malware may also be used. But according to the classic scheme, hackers usually try to hijack conversations that are directly related to money, preferably in large amounts, insert their own bank details at the right time, and then enjoy the results.
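A defensive check for the "similar domain" step described above, as an added example that is not from Kaspersky's report or this article: it flags senders in a thread whose domain imitates a known participant's domain. The domains, the substitution table and the distance threshold of 2 are assumptions made for illustration.

```python
from email.utils import parseaddr

# Substitutions commonly seen in lookalike domains (assumed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(domain):
    """Lowercase a domain and collapse visually confusable sequences."""
    d = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted, max_distance=2):
    """Return (verdict, imitated trusted domain or None)."""
    d = domain.lower().rstrip(".")
    if d in trusted:
        return "trusted", d
    for t in sorted(trusted):
        if skeleton(d) == skeleton(t) or edit_distance(d, t) <= max_distance:
            return "lookalike", t
    return "unknown", None

def flag_thread(from_headers, trusted):
    """List (address, imitated domain) for lookalike senders in one thread."""
    addrs = [parseaddr(h)[1] for h in from_headers]
    checked = [(a, classify(a.rpartition("@")[2], trusted)) for a in addrs]
    return [(a, t) for a, (verdict, t) in checked if verdict == "lookalike"]

# Constructed sample thread; every domain here is made up.
TRUSTED = {"example-supplier.com", "example-corp.com"}
THREAD = [
    "Ana <ana@example-corp.com>",
    "Budi <budi@example-supplier.com>",
    "Budi <budi@exarnple-supplier.com>",  # 'rn' imitating 'm'
    "Budi <budi@example-suppliers.com>",  # one extra character
    "Newsletter <news@unrelated.example>",
]

print(flag_thread(THREAD, TRUSTED))
```

With very short domains a distance of 2 produces false positives, so the threshold should scale with domain length in real use.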

Request for data from those claiming to be the authorities

A recent trend, which appears to have emerged in 2022, is that hackers make "official" requests for data while gathering information in preparation for attacks on online service users. Such requests have been received by ISPs, social networks, and US-based technology companies from hacked email accounts belonging to law enforcement agencies.

For information, under normal circumstances, obtaining data from service providers in the United States requires a warrant signed by a judge. However, in a situation where human life or health is threatened, an Emergency Data Request (EDR) can be issued.

