Social engineering is a term used for a wide range of malicious activities in which cybercriminals deceive individuals into revealing sensitive personal information. These activities are carried out through human interaction: the attacker psychologically manipulates the user and plays a role to extract as much information as possible. The extracted information is later used by the scammers for a broad variety of fraudulent activities.

A typical social engineering attack unfolds in a series of roughly four steps:

Step 1 :- The perpetrator first investigates the target, gathering background information along with weaknesses in the target's security habits and devices, and devises the attack the victim is most likely to fall for.

Step 2 :- The attacker now interacts with the victim while keeping up an act of impersonation. Gradually the attacker beats around the bush and gathers the information he needs by spinning a story to the victim and controlling the conversation.

Step 3 :- Now that the attacker has the victim's basic information, the attack is executed as planned and the attacker gets the job done, typically by compromising the victim's passwords and accounts.

Step 4 :- Having accomplished the purpose, the attacker now covers his tracks, erases all traces of malware and makes every change appear normal before exiting.

Common Social Engineering Attacks

Many kinds of social engineering attacks are in circulation, each engineering a scam of its own kind.

Phishing
Phishing is a common social engineering attack in which the attacker convinces the victim to give out personal information of their own accord. The attacker uses every messaging platform within reach, both online and offline, to confront the target with a malicious URL that carries spyware or malware while disguised as any other link. Phishing is like fishing out the details of individuals: their name, address, login details, passwords and so on. Because it is so popular, phishing comes in various kinds depending on the platform or medium used.

Watering hole

A watering hole attack is essentially a malware attack in which the attacker compromises the security of a website popular with the intended victims by introducing malware. The attacker looks for vulnerabilities in the website and injects malicious code, often JavaScript or HTML, that redirects the targeted group to a different site hosting the malware or malicious advertisements. When any individual or group visits the compromised website, there is a real chance that their devices get infected, as a backdoor trojan is installed on their computers when they click one of the links, and in some cases without any click at all (a drive-by download).

Scareware
Scareware falsely notifies the internet user, on specific web pages, that their computer has been infected with malware. These pop-ups display text such as, “Your computer may be infected with harmful spyware programs and requires immediate fixing.” The pop-up alert also offers the target a seemingly legitimate solution, which is in fact malware waiting to be downloaded; once installed, the malware can be used by criminals to capture and transmit sensitive company or personal data. The bright pop-ups and banners seen on web pages while browsing are other faces of scareware. Even SMS or email can be used as a medium for delivering scareware. It is undoubtedly a threat that avid browsers encounter every day.

Baiting
Baiting may well be the most popular and common social engineering attack in this list. As the name implies, baiting takes advantage of a user's curiosity or greed by displaying fake news, in the form of text or video content on web pages, promising a surprising or rewarding return on click. Baiting is so common that even the best websites fail to prevent it. Baiting is used not only to inject malware into the system but also to earn revenue with every click. Clickbait videos on YouTube, as everyone knows, are an example of baiting.

Pretexting
Pretexting, although a ‘social’ attack, is more personal in nature and approach. In a pretexting attack the criminal's first goal is to gain the trust of the potential victim with crafted lies and woven stories. To do this the criminal may pose as a social worker, co-worker, police officer, bank or government official and so on. Once the attacker gains the victim's trust, he slowly draws out sensitive information about the victim's personal and professional life and ultimately uses that information to scam the victim. Company employees are prime targets of these pretext scams, as the perpetrator aims to get hold of company information through the employee.

Having seen these scamming tactics, here are the preventive measures that help you steer clear of these threats.

  • Think before you click any unreliable URL you come across on the net. Until the purpose of the URL is crystal clear, do not give in to your curiosity and open the link.
  • Know your downloads before you download. Since the matter at hand is malware injection, be aware that malware spreads mostly through unsafe downloads onto your devices. Therefore practice caution before any download from unreliable sources.
  • Don’t provide your personal information to strangers online or on a call, no matter how desperate and urgent the situation might seem.
  • Do not make transactions or access your bank on your devices while using public Wi-Fi.
  • Set your email’s spam filter to high so that emails from unreliable sources are filtered even before you see them.
  • Don’t get carried away on seeing words like ‘Free, Discount, Coupon, Lottery, Vacation’ etc. in your mailbox, as more often than not you are only being lured into visiting a malware-injecting website or installing something.
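As an added example (not part of the original post), here is a small Python helper that applies the "think before you click" advice mechanically: it flags common phishing-link tells such as raw IP hosts, punycode (homograph) domains, credentials hidden before an '@', and brand names placed in a subdomain or path rather than in the registered domain. The watched brand list and the "last two labels are the registered domain" rule are simplifying assumptions, and an empty result means only that no heuristic fired, not that the link is safe.

```python
"""Heuristic triage of a URL before clicking it (added example, defender's view)."""
import ipaddress
from urllib.parse import urlparse

# Constructed watch list of brand names commonly imitated in lookalike hosts (assumption).
WATCHED_BRANDS = ("paypal", "microsoft", "apple", "bank")


def url_warnings(url: str) -> list:
    """Return human-readable reasons why a link deserves a second look."""
    warnings = []
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    labels = host.split(".")
    # Assumption: the registered domain is the last two labels (wrong for e.g. co.uk).
    registered = ".".join(labels[-2:])

    if parsed.scheme != "https":
        warnings.append("not HTTPS")
    try:
        ipaddress.ip_address(host)  # raises ValueError for a normal hostname
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in labels):
        warnings.append("punycode (IDN) host, possible homograph")
    if "@" in parsed.netloc:
        warnings.append("credentials in URL, real host is after the '@'")
    if len(labels) > 4:
        warnings.append("unusually deep subdomain chain")

    for brand in WATCHED_BRANDS:
        # Brand shown in a subdomain (paypal.com.evil.example) but not in the real domain.
        if brand in host and brand not in registered:
            warnings.append(f"'{brand}' appears in subdomain but not in registered domain {registered}")
        # Brand shown only in the path (203.0.113.5/secure-bank-login).
        elif brand in parsed.path.lower() and brand not in registered:
            warnings.append(f"'{brand}' appears only in the path")
    # Hyphenated lookalike of the real domain (paypal-secure.com).
    if "-" in registered.split(".")[0] and any(b in registered for b in WATCHED_BRANDS):
        warnings.append("hyphenated lookalike of a watched brand")
    return warnings


if __name__ == "__main__":
    # Constructed sample links, not real indicators.
    for link in ("https://www.paypal.com/signin",
                 "https://paypal.com.account-verify.example/login",
                 "http://203.0.113.5/secure-bank-login"):
        print(link, "->", url_warnings(link) or ["no heuristic fired"])
```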

As Newton Lee put it, “As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.” That is why you should think before you click, share or subscribe, and avoid becoming the victim.
