Jakarta, CNBC Indonesia – Social engineering is still a way for cybercriminals to trick their victims. The methods range from classic tricks to new trends.
Kaspersky, a global cybersecurity company, has published a list of the social engineering schemes cybercriminals commonly use to attack companies.
These range from calls and emails from fake technical support, through attacks on business email, to data requests from fake law enforcement agencies. Here’s more:
Claiming to Be from Tech Support
The classic social engineering scheme that is often carried out is calling company employees claiming to be from technical support.
Hackers will usually call on the weekend, claim to be from the company’s technical support service and say they have detected strange activity on a work computer. They then ask the employee to come to the office immediately.
The fake official then offers to solve the problem remotely instead. But to do this, they say, they need the employee’s login credentials.
A variant of the scheme emerged when employees switched to remote work during the pandemic.
The fake tech support claims to have noticed suspicious activity on the laptop the victim uses to work from home, and suggests fixing the problem over a remote connection, using a remote access trojan (RAT).
Fake Call from CEO
The next classic scheme is a type of attack called business email compromise (BEC).
The idea behind it is to start a correspondence with company employees. Fraudsters usually impersonate managers, CEOs or important business partners.
Usually, the purpose of the correspondence is for the victim to transfer money to the account specified by the fraudster.
Attack scenarios may vary, though. If cybercriminals are more interested in infiltrating a company’s internal network, they might send the victim a malicious attachment under the guise of an urgent message.
One way or another, all BEC attacks revolve around email compromise, but that’s just the technical aspect of it. A much larger role is played by elements of social engineering.
While most scam emails targeting ordinary users are crude, BEC operations against large companies involve experienced people who can write business-style emails and persuade recipients to do what the cybercriminals want.
A scheme known as conversation hijacking allows attackers to insert themselves into existing business correspondence, disguised as one of the employees or other people involved with the company.
Generally, neither account hacks nor technical tricks are used to disguise the sender – all an attacker needs is to get the real email and create a lookalike domain.
In this way cybercriminals automatically gain the trust that lets them steer the conversation where they want it to go.
To carry out this type of attack, cybercriminals often purchase databases of stolen or leaked email correspondence on the dark web.
Attack scenarios can vary, including phishing or malware. But in the classic scheme, hackers usually try to hijack conversations directly related to money, slip in their own bank details at the right moment, and then collect the proceeds.
A prime example of conversation hijacking is what happened during the transfer of football player Leandro Paredes. The cybercriminals entered the email exchange posing as representatives of Paredes’ debut club, Boca Juniors, which was entitled to a fraction of the transfer fee. A total of €520,000 was pocketed by the fraudsters.
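As an added illustration that is not part of the article or of Kaspersky’s material, the Python check below shows one way a defender can screen incoming mail for the two tells described above: a sender domain that merely resembles a trusted correspondent’s domain, and a Reply-To header that quietly redirects the thread elsewhere. The trusted domain list and the substitution table are constructed assumptions, not real data.

```python
# Constructed allowlist of domains this company legitimately corresponds with (hypothetical).
TRUSTED_DOMAINS = {"ourcompany.com", "bocajuniors-example.com"}

# Illustrative subset of character swaps attackers use to build look-alike names.
SUBSTITUTIONS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(domain: str) -> str:
    """Fold common visual substitutions so 'rn' ~ 'm', '0' ~ 'o', etc."""
    d = domain.strip().lower().rstrip(".")
    for bad, good in SUBSTITUTIONS:
        d = d.replace(bad, good)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender domain."""
    d = domain.lower().rstrip(".")
    if any(d == t or d.endswith("." + t) for t in trusted):
        return "trusted"
    nd = normalize(d)
    for t in trusted:
        nt = normalize(t)
        # Same name after folding substitutions, or within two edits of it.
        if nd == nt or levenshtein(nd, nt) <= 2:
            return "lookalike"
        # Trusted name reused under another domain, e.g. ourcompany.com.evil.net
        if nt.split(".")[0] in nd:
            return "lookalike"
    return "unknown"


def check_message(headers: dict, trusted=TRUSTED_DOMAINS) -> list:
    """Findings for one message; From/Reply-To values are bare addresses."""
    findings = []
    from_domain = headers["From"].rsplit("@", 1)[1]
    if classify_domain(from_domain, trusted) == "lookalike":
        findings.append(f"sender domain {from_domain} resembles a trusted domain")
    reply_to = headers.get("Reply-To")
    if reply_to and reply_to.rsplit("@", 1)[1].lower() != from_domain.lower():
        findings.append("Reply-To points at a different domain than From")
    return findings
```

The edit-distance threshold and substitution table are deliberately small; a production filter would also compare against the company’s full partner list and alert on any first-time sender in a money-related thread.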
Data Requests from Authorities
A recent trend, apparently emerging in 2022, is for hackers to send official-looking data requests while gathering information in preparation for attacks on users of online services.
Such requests have been received by ISPs, social networks and US-based technology companies, sent from hacked email accounts belonging to law enforcement agencies.
Under normal circumstances, obtaining data from a service provider in the United States requires a warrant signed by a judge.
However, in situations where human life or health is threatened, an Emergency Data Request (EDR) may be issued.
As a result, such a request is likely to be granted if it appears to come from a law enforcement agency and presents a plausible case.
In this way, the hacker can get information about the victim from a reliable source and use it for further attacks.