These attacks have a greater risk because phishers do a complete social profile research about the user and their organization - through their social media profile and company website. Unlike traditional phishing - which involves sending emails to millions of unknown users - spear phishing is typically targeted in nature, and the emails are carefully designed to target a particular user. Once a searcher clicks on the page link, s/he will never recognize that s/he is hooked until it is too late. Search engine phishing is the type of phishing that refers to the creation of a fake webpage for targeting specific keywords and waiting for the searcher to land on the fake webpage. The link would actually be a fake page designed to gather personal details. In SMiShing, users may receive a fake DM or fake order detail with a cancellation link. The user is targeted by using SMS alerts. SMS phishing or SMiShing is one of the easiest types of phishing attacks. Since voice is used for this type of phishing, it is called vishing → voice + phishing = vishing.Ĭonsidering the ease and enormity of data available in social networks, it is no surprise that phishers communicate confidently over a call in the name of friends, relatives, or any related brand, without raising any suspicion. Vishing refers to phishing done over phone calls. The McAfee report points out that there are many organizations who develop and deliver user awareness programs into their business areas, but the effectiveness of such programs varies, and in some identified cases, even after the security training has been delivered, it has done very little to educate their end users with any valued security awareness to mitigate the threat of the social engineering attack. McAfee’s whitepaper “Hacking the Humanos Operating System” focuses on the use of social engineering to attack home and business users and finds once again that people are the weakest link.
The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software–that will give them access to your passwords and bank information as well as giving them control over your computer. Social engineering is the art of manipulating people so they give up confidential information.