Warning issued by UAE Cybersecurity Council about six deceitful strategies using social media to trick the public
In the digital age, where our lives are increasingly intertwined with technology, it's essential to be aware of the various methods cybercriminals use to breach electronic systems. One such approach is social engineering, a common tactic that manipulates human psychology to bypass technical security measures.
Phishing is the most pervasive and widely used social engineering attack. It involves sending deceptive emails, messages, or websites to trick victims into revealing sensitive information like passwords or financial data [2][4][5]. Pretexting is another technique where attackers invent believable scenarios or impersonate someone trustworthy to manipulate the target into divulging private information [1][3].
Cybercriminals often use Baiting to exploit curiosity by leaving infected devices like USB drives or offering free downloads that install malware when interacted with [3]. Smishing, a form of social engineering, uses fraudulent text messages containing urgent claims, enticing links, or fake reward offers leading to malicious software downloads or personal data theft.
Watering Hole Attacks compromise websites frequently visited by the victims to infect their devices with malware [1]. Honey Trap creates false romantic or personal relationships to build trust and eventually extract sensitive information or access. Tailgating involves gaining unauthorized physical access by following legitimate employees through secure entry points without proper authorization [1].
More targeted forms of phishing include Spear Phishing, which focuses on specific individuals, Whaling, which targets high-profile individuals, and Smishing and Vishing, which use SMS messages and phone calls, respectively [5].
Malware-based Social Engineering convinces victims to install malicious software by using deceptive messages, often linked to phishing [2]. DDoS Attacks facilitated via Social Engineering can occur when machines infected by malware from social engineering attacks are used for distributed denial-of-service attacks [2].
Social engineering via OSINT (Open-Source Intelligence) involves gathering publicly available information online to craft targeted attacks. Quid Pro Quo Scams are social engineering techniques where fraudsters offer fake technical support or "gifts" such as shopping vouchers in exchange for personal information.
In light of these threats, the UAE Government's Cybersecurity Council advises against sharing personal data online or on social media platforms. Verification of messages is recommended before sharing any information to avoid falling victim to social engineering scams. Be wary of scammers impersonating trusted individuals and exploiting vulnerabilities to steal information.
Stay vigilant, and remember that awareness is your best defence against social engineering attacks.
News reports often highlight the various methods cybercriminals use to bypass technology-based security measures, such as phishing attacks, pretexting, baiting, smishing, watering hole attacks, honey traps, and tailgating. To protect oneself, it's crucial to be aware of these tactics and verify messages before sharing sensitive information, as well as avoid sharing personal data online or on social media platforms. Stay vigilant and remember that awareness is the best defense against social engineering attacks, especially those facilitated via malware, DDoS attacks, OSINT, and quid pro quo scams.
