New social engineering techniques - ties2/Red-Team GitHub Wiki

Social engineering is a form of cyber attack that relies on manipulating human behavior to gain access to sensitive information or systems. Social engineers use a variety of tactics to trick their targets into divulging confidential information or performing actions that are harmful to their organization's security. As technology evolves, so do the methods that social engineers use to carry out their attacks. In this essay, we will explore some of the new social engineering techniques that are emerging in the cyber security landscape.

Deepfake Videos

Deepfake videos use artificial intelligence (AI) to create realistic-looking fake footage of a person saying or doing something that they never actually did. This technology has been used to create fake news stories, manipulate elections, and even blackmail individuals. With the rise of deepfake videos, social engineers can create fake videos of executives or employees, making it look like they are disclosing confidential information or performing illegal activities.

Voice Phishing (Vishing)

Voice phishing, also known as vishing, is a social engineering technique that involves using voice communication, such as phone calls, to trick targets into divulging sensitive information. Vishing is a growing threat as more people use their mobile phones for business and personal communication. Social engineers use fake caller ID information, impersonate trusted sources, and create a sense of urgency to convince their targets to give up confidential information.

Pretexting

Pretexting is a social engineering technique where an attacker creates a false pretext, such as impersonating a trusted source, to obtain sensitive information from a target. Pretexting often involves the use of social media and other online sources to gather information about the target that can be used to create a convincing pretext. For example, an attacker might impersonate a customer service representative and use personal information they found on social media to convince a target to provide their account credentials.

Baiting

Baiting is a social engineering technique that involves offering something of value, such as a free movie download or a USB drive with important documents, in exchange for sensitive information or access to a network. Baiting attacks are often carried out through email or social media messages, and can be highly effective in convincing targets to take action. In some cases, baiting attacks may also involve physical methods, such as leaving a USB drive in a public place where it is likely to be found.

Spear Phishing

Spear phishing is a targeted form of phishing that involves sending customized phishing emails to a specific individual or group of individuals. Spear phishing emails often appear to be from a trusted source, such as a colleague or business partner, and may contain information that is relevant to the target's job or interests. These types of attacks can be highly effective, as they are tailored to the target and may appear more legitimate than generic phishing emails.

Business Email Compromise (BEC)

Business Email Compromise, or BEC, is a type of social engineering attack where an attacker impersonates an executive or other high-level employee to trick employees into transferring money or sensitive information. BEC attacks often involve the use of fake emails or fake websites that are designed to look like legitimate company resources. These types of attacks can be highly effective, as they use a combination of social engineering and technical deception to trick employees into taking actions that can be harmful to the organization.

In conclusion, social engineering is an ever-evolving threat to cyber security, and attackers are constantly developing new techniques to trick their targets. By staying informed about the latest social engineering techniques and implementing security measures such as employee training and multi-factor authentication, organizations can help protect themselves from these types of attacks. It is important to remember that cyber security is not just about protecting technology, but also about protecting the people who use that technology.