Antivirus Protection & Internet Security Software
Social engineering refers to the techniques used by cybercriminals to trick their victims into launching malicious files on their computers, opening a link to an infected website or or sending criminals their private data. It is often performed by gaining the confidence of unwary users or appealing for help and subsequently infecting their computer or device using various methods. Just a few forms of social engineering to be aware of include:
Users of all types of computers and mobile devices should keep a wary eye out for social engineering tricks. In recent years, social engineering tactics have grown increasingly complex and targeted towards newer devices such as smartphones and androids, creating a new urgency to be both watchful and up-to-date in terms of malware security.
Links to infected sites can be sent via email, ICQ and other IM systems – or even via IRC Internet chat rooms. Mobile viruses are often delivered by SMS message.
Whichever delivery method is used, the message will usually contain eye-catching or intriguing words that encourage the unsuspecting user to click on the link. This method of penetrating a system can allow the malware to bypass the mail server’s antivirus filters.
P2P networks are also used to distribute malware. A worm or a Trojan virus will appear on the P2P network, but will be named in a way that’s likely to attract attention and get users to download and launch the file – for example:
In some cases, the malware creators and distributors take steps that reduce the likelihood of victims reporting an infection:
Victims may respond to a fake offer of a free utility or a guide that promises:
In these cases, when the download turns out to be a Trojan virus, the victim will be keen to avoid disclosing their own illegal intentions. Hence, the victim will probably not report the infection to any law enforcement agencies.
Another example of this technique was the Trojan virus that was sent to email addresses that were taken from a recruitment website. People that had registered on the site received fake job offers – but the offers included a Trojan virus. The attack mainly targeted corporate email addresses – and the cybercriminals knew that the staff that received the Trojan would not want to tell their employers that they had been infected while they were looking for alternative employment.
In some cases, cybercriminals have used complex methods to complete their cyberattacks, including:
© 1997 – 2016 Kaspersky Lab
All Rights Reserved. Industry-leading Antivirus Software