Other Common Attacks Related to Social Engineering

Whaling

  • Whaling is a highly targeted phishing attack aimed at senior executives, managers, or high-ranking officials. Attackers impersonate a trusted entity (such as a company’s CEO or a government official) to trick victims into transferring funds, revealing sensitive data, or installing malware.
  • Unlike regular phishing, whaling attacks are carefully crafted, often using personal details to make the emails or messages more convincing.

How to prevent:

  • Verify emails before responding to urgent requests for money or confidential information.
  • Implement email security measures like SPF, DKIM, and DMARC to detect fake emails.
  • Conduct security awareness training for employees to recognize suspicious emails.
  • Use multi-factor authentication (MFA) to prevent unauthorized access, even if credentials are compromised.

Shoulder Surfing

  • Shoulder surfing is a physical attack in which an attacker observes or records someone entering sensitive information, such as passwords, PINs, or security codes, by looking over their shoulder. It can happen in crowded cafes, ATMs, or public transport.
  • In some cases, attackers may use cameras or binoculars to capture information from a distance.

How to prevent:

  • Use privacy screens on your laptop or mobile devices to block side-angle views.
  • Be mindful of your surroundings when entering passwords or using sensitive information in public places.
  • Shield your PIN when using ATMs, point-of-sale terminals, or accessing banking apps.
  • Enable biometric authentication (fingerprint or facial recognition) instead of typing passwords in public spaces.

Credential Stuffing

  • A cyberattack where hackers use stolen username-password combinations from previous data breaches to gain unauthorized access to multiple accounts.
  • Since many people reuse passwords across different platforms, attackers automate login attempts to see if the stolen credentials work elsewhere. Credential stuffing can lead to account takeovers, financial theft, or identity fraud.

How to prevent:

  • Use unique, strong passwords for each account and store them in a password manager.
  • Enable multi-factor authentication (MFA) to block unauthorized logins, even if credentials are leaked.
  • Regularly check if your credentials have been compromised using services like Have I Been Pwned.
  • Implement account lockout mechanisms after multiple failed login attempts to prevent automated attacks.
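The lockout measure above, as an added example that is not part of the original article. It goes one step further and also counts failures per source address, because stuffing spreads its attempts across many accounts. The thresholds, the `LoginGuard` name and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 300           # seconds of history to consider (assumed value)
MAX_FAILS = 5          # failed attempts allowed per account (assumed value)
MAX_USERS_PER_IP = 4   # distinct failing accounts allowed per source (assumed value)

class LoginGuard:
    """Hypothetical helper: decides what to do with each login attempt."""

    def __init__(self):
        self.fails_by_user = defaultdict(deque)  # user -> (ts, user) failures
        self.fails_by_ip = defaultdict(deque)    # ip   -> (ts, user) failures

    def record(self, ts, ip, user, success):
        uq, iq = self.fails_by_user[user], self.fails_by_ip[ip]
        for q in (uq, iq):                       # drop failures outside the window
            while q and ts - q[0][0] >= WINDOW:
                q.popleft()
        if len(uq) >= MAX_FAILS:
            return "locked"                      # lockout holds even for a correct password
        if len({u for _, u in iq}) >= MAX_USERS_PER_IP:
            return "throttled"                   # one source failing against many accounts
        if success:
            uq.clear()
            return "ok"
        uq.append((ts, user))
        iq.append((ts, user))
        return "failed"

# Constructed events: (timestamp, source IP, username, password_was_correct)
SAMPLE = (
    # one source tries six different accounts once each; the last pair is valid
    [(t, "203.0.113.7", f"user{t}", t == 5) for t in range(6)]
    # repeated guesses against a single account; the sixth guess is correct
    + [(10 + t, "198.51.100.9", "alice", t == 5) for t in range(6)]
    # an ordinary successful login
    + [(20, "192.0.2.10", "bob", True)]
)

def replay(events):
    guard = LoginGuard()
    return [guard.record(*e) for e in events]

if __name__ == "__main__":
    for event, action in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", action)
```

In the first batch no account ever reaches the per-account limit, so only the per-source counter stops the valid stolen pair at the end.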

SIM Swap Attack

A social engineering attack where cybercriminals trick or bribe a mobile carrier employee into transferring your phone number to a new SIM card. Once they control your number, they can intercept calls and SMS messages, bypass two-factor authentication, and gain access to banking, email, and social media accounts. Attackers use it to steal cryptocurrency, bypass financial security checks, or commit identity theft.

How to prevent:

  • Use an authenticator app (such as Google Authenticator or Microsoft Authenticator) instead of SMS-based 2FA.
  • Set up a security PIN or passphrase with your mobile carrier to prevent unauthorized SIM swaps.
  • Be cautious of phishing attempts or suspicious calls asking for personal details related to your mobile service.
  • Monitor your phone for sudden loss of service or unusual SMS messages, which may indicate an ongoing SIM swap attack.

Juice Jacking

  • A cyberattack in which hackers install malware or data-stealing software onto public USB charging stations (e.g., in airports, hotels, and cafés). When a user plugs their phone into an infected USB port, malware is installed to steal data, track keystrokes, or remotely control the device.
  • Attackers may also exfiltrate sensitive data such as passwords, contacts, and personal messages.

How to prevent:

  • Use a USB data blocker (a small device that prevents data transfer while allowing charging).
  • Carry your own charger and plug it into a wall outlet instead of using public USB ports.
  • If you need to use a public charging station, make sure to power off your device before plugging it in.
  • Regularly update your phone’s security settings and turn off automatic file transfers over USB.