Prompts
Psychology
- Image of person
- Impersonation, provides sense of urgency, appeal to authority for legitimacy, reciprocity
- Exploitation of trust, authority, and social norms
- Fear
- Scarcity (“limited time offer”) can create a sense of urgency.
Examples
- Web - Install malware, steal credentials, phishing, email
- Phone - vishing/smishing, credit card, bank details, buying gift cards
- Scams - Cryptocurrency - snafuu, SafeMoon
- More scams - Nigerian prince, British royalty
- Social media - Impersonation, trust-based attacks
- Myanmar - capturing Chinese citizens, Myawaddy
- Physical security - Tailgating, Dumpster diving, Piggybacking, Badge cloning, Impersonation of service personnel
- Historical - Trojan Horse, Cold War spies double cross, Honeypots in modern day, Propaganda war machine
- Heists - Japanese police impersonation (bank heist)
- Movies - glamorize with high stakes, focus on the “big score”, real attacks are silent and incremental
- Television - selling fake products
- People around you - invitation to pyramid scheme, bank details stolen Coles groceries
Countermeasures Against Social Engineering
- Training and awareness programs
- Multi-factor authentication
- Patched software to minimize technical vulnerabilities
- “Zero Trust” security policies
- Simulation
Why Social Engineering is More Dangerous Than Hacking
- Weakest link - Human vulnerabilities are harder to patch than software
- Social engineering provides the key to bypass technical security measures
- Multi-layered consequences including financial, data, and reputation loss
- Social-Engineer Toolkit (SET), Evilginx for cloning websites
- Maltego - OSINT investigation tool, find relationships
- WiFi Phishing Tool for Seek Hive Week - obtain credentials for further exploitation