Common Weaknesses Cybercriminals Exploit
While reading the Cisco Annual Report they came up with seven common social engineering attacks that cybercriminals use. Now these types of attacks are common and are not unheard of. You should be familiar with most if not all these weaknesses that cybercriminals use. Sex appeal, which means scammers will try to find or put up attractive man or woman. Then tempt the user for information. People should remember if you don't know the person this will more than likely not be romance but something else. (Like your personal information) Greed, there is this saying and I'm sure you've heard of it, "if it sounds too good to be true, it probably is". This could be anything from a free iPod offer, to those Nigerian wire transfer offers. Don't provide them with your personal information! Vanity, which means you have been chosen or that you are a winner in some contest that you did not enter. Or that you have been selected in a group of winners and are receiving a share. Again these types of scams are meant to give your personal information away to somebody you don't know. Trust, which can be implied or transient. Implied is the attempt to convince individuals that they represent a high-profile brand. (Apple, Microsoft, Dell, HP) and therefore can be trusted. With transient trust scammers pretend to be a trusted companion of someone you know but have never heard of them. Users should always be aware that anything that involves a trust relationship should send some flags. Laziness, this could be anything from misspellings in e-mails, messages, and websites. If the URL in the website is misspelled or that e-mail from your bank. Those should be warnings that the information is also fake. Compassion, scammers love those kindhearted people. This could be anything from nonexistent nonprofits, such like major disasters. (Like the earthquake in Haiti) Along with the 2009 scam that involved Facebook. Hijacking users’ accounts then posting and claiming that the account holder was stranded somewhere and needed money. Users should be aware and maintain a high level of skepticism toward these types of messages. Urgency, there are tons of scams that insist on a fast response and tell the potential victim to “act now” or that “time is running out.” These types of messages don't always come in e-mails or the web. There are phone calls claiming they need personal or company files. Users should always check the company and should never feel pressured to respond immediately. Always be aware of these weaknesses and if and doubt don't!