In 2023 the techniques used by cybercriminals to claim victims are increasingly refined and complex.
To push a user to download a file and launch it, or to enter sensitive information into a form, it is necessary to deceive him through a subtle psychological manipulation, which leverages some mental principles that go well beyond the IT context.
According to cybersecurity experts, those who implement these strategies work in a much more complex and structured way than one might think. It all starts with a sort of massive collection of information, which can take place through research on the Dark Web, phone calls, social networks or other channels.
In the second phase of a social engineering strategy, cybercriminals pose as a fictitious figure, such as a manager, a potential customer or something else. Once the potential victim has lowered their defenses, cybercriminals ask for and obtain sensitive information: this can be details of a bank account, passwords and credentials of various types.
At this point, as is easy to imagine, cybercriminals disappear into thin air.
The 8 most dangerous social engineering techniques
Beyond the aforementioned generic modus operandi, there are various routes cybercriminals take to obtain a victim’s data.
The most common, at least in 2023, is the strategy known as phishing. Scammers use this approach to gain the trust of the potential victim, often using an email that exploits a sense of urgency to direct users to sites very similar to real platforms, pushing them to enter sensitive data, which is then stolen.
The second strategy is known as baiting: the use of false promises by cybercriminals to obtain much-coveted personal information. The famous winnings of alleged smartphones through phantom lotteries fall into this category.
A less well-known technique but, precisely for this reason, even more fearsome is the one known as tailgating. This type of operation not only involves the theft of data, but also the exclusion of the victim from their platforms and the information contained therein. Often, this type of attack can be traced back to the enterprise environment.
Even more treacherous is the social engineering strategy known as pretexting. This is a technique of manipulating the victim, who is slowly convinced to give up their credentials to the cybercriminal. Attackers pretend to be someone known to the victim, such as a friend, family member, boss or colleague, to gain trust. Once this is done, they ask for and obtain the valuable data.
Another threat that should not be underestimated is the one known as scareware. This technique leverages strong emotions such as anxiety and fear, causing shock in the victim. Pop-ups or false reports of malware, for example, can push a user towards purchasing a supposed antivirus. This, in reality, can then turn out to be a malicious agent.
What has just been listed, obviously, represents only the proverbial “tip of the iceberg”. Just as the cyber threat environment is constantly evolving, the field of social engineering is also constantly being developed and refined by the most hardened cybercriminals.
In this context, in addition to adequate software protections, it is important to always keep up to date with new emerging dangers so as not to be caught off guard.