Social Engineering is the art of manipulating people to divulge confidential information.
The idea behind social engineering is to take advantage of a victim's natural tendencies and emotional reactions. To gain access to a computer network, the typical hacker looks for a software vulnerability; a social engineer, though, could instead pose as a technical support person and trick an employee into divulging their login credentials.
There are 6 types of Social Engineering, which are as follows:
1. Phishing:
Phishing is a well-known way to grab information from an unwitting victim. The perpetrator typically sends an email or text to the target, seeking information that might help with a more significant crime.
Example:
A fraudster might send emails that appear to come from a source the would-be victims trust. That source might be a bank, for instance, asking email recipients to click on a link to log in to their accounts. The email looks exactly like a genuine one; even the profile picture is the same. Those who click on the link are taken to a fake website that looks legitimate. If they log in at that fake website, they are handing over their login credentials and giving the perpetrator access to their bank accounts.
2. Baiting:
Baiting is similar to phishing, but in baiting the attacker promises something, the way a fisherman offers a worm to a fish. Baiters may leverage the offer of free music or movie downloads, for example, to trick users into handing over their login credentials.
Baiting attacks are not restricted to online schemes, either. Attackers can also focus on exploiting human curiosity via the use of physical media.
Example:
A cybercriminal might leave a USB stick loaded with malware in a place where the target will see it. The criminal might also label the device in a compelling way, for example by writing "Confidential" or "Important" on it. A victim who takes the bait picks up the device and plugs it into a computer to see what's on it, and the malware then installs itself on the computer automatically.
3. Email & Contact Spamming:
It’s in our nature to pay attention to messages from people we know. Some criminals try to take advantage of this by commandeering email accounts.
Example:
If a friend sent you an email with the subject "Hey, I made an application, please review it!", you might not think twice before installing the application. But the email might have been sent by an attacker using an SMTP server: SMTP servers can be used to spoof the sender of an email, and such spoofed emails look very legitimate, but they aren't. By using an SMTP server, the attacker can pretend to be a person you trust and misuse that trust to spread malware. In this case, the attacker might have embedded malware in the application, so that once you download and run it, the attacker gains full control of your device. The primary objectives are spreading malware and tricking people into divulging their personal data.
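As an added example (not part of the original article), the following Python script screens a raw email for the indicators discussed in the phishing and spoofing sections above: a From domain that disagrees with the Return-Path, failed or missing SPF/DKIM/DMARC verdicts in the Authentication-Results header written by the receiving mail server, link text whose visible domain differs from the real href, and link hosts that imitate a trusted domain after simple look-alike substitutions. The sample message, the trusted-domain list and the substitution table are all constructed for the demo and are not taken from the article.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real capture): the visible sender is a bank, the envelope
# sender is a bulk mailer, authentication failed, and the first link's text lies.
SAMPLE_EMAIL = """\
From: "Example Bank" <alerts@examplebank.com>
Return-Path: <bounce@cheap-mailer.example>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=cheap-mailer.example; dkim=none
Subject: Please confirm your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://examp1ebank.com/login">https://examplebank.com/login</a> to confirm.</p>
<p><a href="https://examplebank.com/help">Help centre</a></p>
</body></html>
"""

# Domains this organisation trusts (assumed list for the demo).
TRUSTED_DOMAINS = {"examplebank.com"}
# Common look-alike substitutions, applied only to normalise a host before comparison
# (a trusted domain that itself contains digits would need a smarter comparison).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "|": "l", "5": "s", "3": "e"})


def domain_of(header_value):
    """Lower-cased domain part of an address header such as From or Return-Path."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """spf/dkim/dmarc verdicts the receiving mail server recorded in Authentication-Results."""
    header = str(msg.get("Authentication-Results", ""))
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.IGNORECASE)}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Host named by a URL or bare domain; '' when the text is not one (e.g. 'Help centre')."""
    host = (urlparse(text if "://" in text else "//" + text).hostname or "").lower()
    return host if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", host) else ""


def lookalike_of(host, trusted=TRUSTED_DOMAINS):
    """Trusted domain that `host` imitates after look-alike normalisation, or None."""
    if not host or host in trusted:
        return None
    normalised = host.translate(HOMOGLYPHS).replace("rn", "m")
    return next((t for t in trusted if normalised == t), None)


def screen(raw):
    """Return human-readable findings for a raw message; an empty list means nothing flagged."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, path_dom = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    if path_dom and path_dom != from_dom:
        findings.append(f"From domain {from_dom} differs from Return-Path domain {path_dom}")
    verdicts = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech} did not pass (result: {verdicts.get(mech, 'missing')})")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            href_host, text_host = host_of(href), host_of(text)
            if text_host and href_host != text_host:
                findings.append(f"link text shows {text_host} but points to {href_host}")
            target = lookalike_of(href_host)
            if target:
                findings.append(f"link host {href_host} imitates trusted domain {target}")
    return findings


if __name__ == "__main__":
    for finding in screen(SAMPLE_EMAIL):
        print("FLAG:", finding)
```

Run stand-alone, the script prints six findings for the sample: the sender/envelope mismatch, three authentication verdicts that are not "pass", the link whose text and target disagree, and the host that turns into the trusted domain once "1" is read as "l". A message whose Return-Path matches, whose verdicts all pass and whose links point where they claim produces an empty list, which is the condition a mail filter would treat as "nothing to flag".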
4. Pretexting:
Pretexting is the use of a pretext to capture someone's attention. Once the pretext hooks the person, the fraudster tries to trick the would-be victim into providing something valuable.
Example:
Let's say you receive an email pretending to be from a bank which says, "XYZ is trying to add you as a beneficiary, please click on the link below and enter some details to confirm". The email appears to ask for your details in order to add you as a beneficiary on XYZ's account; instead, you are at risk of giving a con artist the ability to access and withdraw funds from your own bank account.
5. Quid Pro Quo:
This scam involves an exchange in which the attacker pretends to give something to the would-be victim, and the would-be victim gives some details to the attacker in return. The attacker makes the victim believe that it's a fair exchange, but in reality it isn't.
Example:
A scammer may call a target, pretending to be an IT support technician from the company where the would-be victim works. The scammer might say that there is an important update to the company's software and ask for the victim's login credentials so that the update can be installed automatically; the victim hands over the credentials in order to get the update. Instead, the scammer gains access to the victim's account and may use it to target other employees of the company.
6. Vishing:
Vishing is the voice version of phishing. "V" stands for voice, but otherwise the scam attempt is the same: the criminal uses the phone to trick a victim into divulging valuable information.
• Never share your personal details on call/email.
• Never share your OTP on call/email.
• Do not open a file/link/app sent by a stranger.
• Always check the signature of an email.
• Use an antivirus.
• Beware of fake websites.
• Never download applications from third party sources.
• Never use an external device given by a stranger.
• Never share sensitive information on call/email.
1. Qubes:
Qubes OS is a free and open-source, security-oriented operating system for single-user desktop computing. Qubes is a very secure operating system because it has separate security domains for different purposes, which makes it extremely strong against social engineering attacks; Qubes is regarded as the most secure operating system. You can create different domains for different purposes, and if your X domain gets hacked, your Y domain is not compromised. For instance, if you want to open a file which looks suspicious, you can open it in a disposable domain, a domain created particularly for that file; once the file is closed, the disposable domain is automatically destroyed.
2. VirtualBox:
The purpose of using VirtualBox is the same as that of Qubes, but instead of having different domains in one operating system, VirtualBox can be used to install several operating systems inside one operating system. You can use each installed operating system for a different purpose.
FULL GUIDE FOR VIRTUALBOX