AbleToTrain by Willing & Able

Examples of social engineering attacks

Malware attacks deserve special attention because they are common and have long-term effects.

When malware writers use social engineering techniques, they can entice careless users to launch infected files or open links to infected websites. Without a complete suite of security software for your desktop and mobile devices, you are likely to get infected.

Worm attack

The aim of cybercriminals is to draw the user’s attention to the infected link or file and then make the user click on it.

Examples of such attacks include:

– The LoveLetter worm overloaded the email servers of many companies in 2000. The victim received an email inviting them to open the attached love letter. When they open the attachment, the worm copies itself to all the contacts in the victim’s address book. In terms of the economic losses it caused, the worm is still considered one of the most destructive worms. The

– Mydoom email worm, which appeared on the Internet in January 2004, uses text that mimics technical messages sent by mail servers.

– The Swen worm impersonates a message sent from Microsoft. He claims that the attachment is a patch that eliminates the vulnerability in Windows. No wonder many people take this statement seriously and try to install false security patches, even if it is actually a worm.

Malware link delivery channels

Links to infected sites can be sent via email, ICQ and other instant messaging systems, and even via Internet IRC chat rooms. Mobile viruses are usually sent via SMS messages.

Regardless of the delivery method used, messages often contain compelling or compelling words to encourage unsuspecting users to click on the link. This method of penetrating the system allows malware to bypass the antivirus filter of the mail server.

Peer-to-Peer (P2P) attacks The P2P network is also used to distribute malware. Worms or Trojan viruses will appear on P2P networks, but they will be given a name that may attract attention and cause users to download and start files. For example:

AIM & AOL Password Hacker.exe

Microsoft CD Key Generator.exe


Play Station Emulator crack.exe

Embarrassing infected users without reporting attacks

In some cases, creators and malware distribution The victim will take measures to reduce the possibility of the victim reporting an infection:

The victim may respond to falsely provided free utilities or guides, promising to provide illegal benefits, such as:

Free Internet access or mobile communications.

Able to download the credit card number generator.

Method to increase the balance of the victim’s online account.

In these cases, when the result of the download is a Trojan horse virus, the victim will be willing to avoid exposing their illegal intentions. Therefore, it is very likely that the victim will not report the infection to any law enforcement agency.

As an example of this technique, a Trojan horse virus was once sent to an email address obtained from a job site. Those who registered with the site received a bogus job offer, but it contained a Trojan horse virus. The attack mainly targeted corporate email addresses. Cybercriminals know that employees who receive the Trojan horse do not want to tell their employers that they have been infected while looking for alternative jobs.

Detecting Social Engineering Attacks

Defending yourself against social engineering requires you to practice self-awareness. Before doing something or responding, always slow down and think.

The attacker wants you to act before considering the risk, which means you should do the opposite. To help you, if you suspect an attack, here are some questions to ask yourself:

– Is my mood high? When you are feeling particularly curious, scared, or excited, you are less likely to evaluate the consequences of your actions. In fact, you may not consider the legality of the situation presented to you. If your emotional state is elevated, consider it a red flag.

– Is this message from a legitimate sender? When you receive a suspicious message, please double check your email address and social media profile. There may be characters that imitate others, such as “” instead of “”. Fake social media profiles that copy images and other details of your friends are also common.

– Did my friend really send me this message? It’s always good to ask if the sender is the real sender of the relevant message. Whether it’s a colleague or someone else in your life, ask them in person or over the phone if possible. They can be hacked unknowingly, or someone can impersonate them.

– Are there any strange details on the website I’m on? Irregularities in URLs, poor image quality, outdated or incorrect company logos, and misspelled web pages can all be red flags for fraudulent websites. If you enter a misleading website, be sure to exit immediately.

– Does this proposal sound too good to be true? In the case of giveaways or other positioning methods, discounts are a powerful driving force for social engineering attacks. You need to consider why someone will provide you with something valuable, but its benefits are minimal. Always be vigilant, because even basic data, like your email address, can be collected and sold to annoying advertisers.

– Suspicious attachments or links? If the link or file name in the message seems vague or strange, please reconsider the authenticity of all communication. Also, consider whether the message itself was sent in a strange context, time, or some other red flag.

– Can this person prove his identity? If you can’t get this person to verify your identity with the organization you claim to belong to, please don’t allow them to access the permissions you have requested. This applies to face-to-face and online, as physical crimes need to ignore the identity of the attacker.