[et_pb_section fb_built=”1″ _builder_version=”4.20.2″ background_image=”https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2023\/03\/image7.png” parallax=”on” min_height=”610px” custom_margin=”-160px||-3px||false|false” custom_padding=”37px||22px|||” locked=”off” global_colors_info=”{}”][et_pb_row custom_padding_last_edited=”on|phone” _builder_version=”4.20.4″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” width_tablet=”” width_phone=”92%” width_last_edited=”on|desktop” custom_margin=”|auto|0px|auto|false|false” custom_padding=”62px||0px||false|false” custom_padding_tablet=”0px||||false|false” custom_padding_phone=”10px||||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.20.2″ text_font=”|900|||||||” text_text_color=”#ffffff” text_font_size=”65px” text_letter_spacing=”2px” text_line_height=”1.8em” header_font=”|800|||||||” header_text_color=”#ffffff” header_font_size=”65px” header_letter_spacing=”2px” header_line_height=”1.8em” text_orientation=”center” custom_margin=”45px||||false|false” custom_margin_phone=”0px||||false|false” custom_margin_last_edited=”off|desktop” text_font_size_tablet=”49px” text_font_size_phone=”38px” text_font_size_last_edited=”on|tablet” text_line_height_tablet=”1.8em” text_line_height_phone=”1.8em” text_line_height_last_edited=”on|desktop” header_font_size_tablet=”” header_font_size_phone=”38px” header_font_size_last_edited=”on|desktop” text_text_shadow_style=”preset1″ header_text_shadow_style=”preset1″ text_text_align=”center” global_colors_info=”{}”]<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”4.16″ background_color=”#f2f2f2″ custom_margin=”|0px||0px|false|false” custom_padding=”|0px||0px|false|false” global_colors_info=”{}”][et_pb_row _builder_version=”4.16″ width_tablet=”91%” width_phone=”92%” width_last_edited=”on|tablet” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.20.2″ text_font=”Roboto||||||||” text_text_color=”#333333″ text_font_size=”18px” global_colors_info=”{}”]<\/p>\n
How could it be that Olena downloaded the virus, believing that by following the link she would receive a brand new iPhone as a gift? Did Oleksiy do better than Elena by inserting a pretty flash drive with an interesting logo that he had just found in a cafe into his work computer? Both became victims of social engineering. <\/span><\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”4.17.1″ custom_margin=”||||false|false” global_colors_info=”{}”][et_pb_row _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” width=”92%” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.20.2″ text_text_color=”#333″ text_font_size=”16px” header_text_color=”#111″ global_colors_info=”{}”]You have probably heard more than once about how people reveal their bank card details, passphrases, PIN codes and passwords to fraudsters. Back in 2019, according to the Ukrainian Interbank Association of members of payment systems \u201cEMA\u201d, fraudsters stole more than UAH 360 million from bank cards using social engineering methods.<\/span><\/p>\n In general, social engineering is a science that studies human behavior and factors (circumstances, environment, personal value system) that can influence it. But this term is widely used among information security specialists in the sense of psychological manipulation, which is carried out by fraudsters in order to obtain confidential information from network users (or company employees). <\/span><\/p>\n Such fraudsters are often called \u201cspecialists\u201d in social engineering. <\/span>It is not for nothing that we put the word \u201cspecialists\u201d in quotation marks, because the context of the word here is not at all positive. <\/span><\/i>We must admit that their manipulations work well \u2013 in 65% of cases, fraudsters achieve their goals where the system is reliably protected by hardware methods. <\/span><\/p>\n The human factor becomes a weak link in it, because a person has feelings and is prone to emotional states, unlike technology. So, under certain circumstances, a person can disclose information even to strangers, trusting them for some reason. <\/span>[\/et_pb_text][et_pb_image src=”https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2023\/03\/image7.png” alt=”image7″ title_text=”image7″ _builder_version=”4.20.2″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” width=”92%” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.20.2″ text_text_color=”#333″ text_font_size=”16px” header_text_color=”#111″ global_colors_info=”{}”]<\/p>\n To obtain information, fraudsters primarily use such human weaknesses as fear, curiosity, inattention, inexperience. If the attackers have an advanced level and more far-reaching goals, they try to make friends with the victim, gain trust by communicating with them for some time. <\/span><\/p>\n The methods by which criminals obtain the information they need are called:<\/span><\/p>\n [\/et_pb_text][et_pb_image src=”https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2023\/03\/image6.png” alt=”image6″ title_text=”image6″ _builder_version=”4.20.2″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” width=”92%” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.20.2″ text_text_color=”#333″ text_font_size=”16px” header_text_color=”#111″ global_colors_info=”{}”]<\/p>\n The essence of this method is that the victim performs actions that the attackers push him to do according to a previously developed script. This can be the disclosure of some data, or the download of malicious software. To develop a suitable scenario, fraudsters first track down the victim, collect data about him and the company he works for: full name, date of birth, position, department name, name of projects he works with, name of employees, etc. The attacker tries to find out about the missing elements through the social network (for example, by hacking the accounts of friends in social networks).<\/span><\/p>\n Having obtained the necessary information, the fraudster can impersonate another person, already communicating with the head of the unit. Having collected data about the middle manager, he already turns to his supervisor. And so he acts until he gains access to the bank accounts of the company or hacks the account of the super administrator on the site.<\/span><\/p>\n Phishing can vary according to the method of communication: written (97%), spoken (2%) or a combination of them (1%). <\/span><\/p>\n [\/et_pb_text][et_pb_image src=”https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2023\/03\/image2-1.png” alt=”image2″ title_text=”image2″ _builder_version=”4.20.2″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” width=”92%” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.20.2″ text_text_color=”#333″ text_font_size=”16px” header_text_color=”#111″ global_colors_info=”{}”]<\/p>\n Email is the most common type of phishing. It is based on sending the victim an SMS notification or a letter to the mail with malicious software or a fake site with a data entry form. To identify a fake site, you need to pay attention to its address.<\/span><\/p>\n In order for the user to open the message and follow the link, the attacker fakes it as an appeal from banks, government agencies, security services, police, volunteer organizations, etc.<\/span><\/p>\n [\/et_pb_text][et_pb_image src=”https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2023\/03\/image3.png” alt=”image3″ title_text=”image3″ _builder_version=”4.20.2″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][et_pb_text _builder_version=”4.20.2″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n An example of a fake page, the address of which differs by one letter and has an additional level of the \u201cin\u201d domain.<\/span><\/em><\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” width=”92%” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.20.2″ text_text_color=”#333″ text_font_size=”16px” header_text_color=”#111″ global_colors_info=”{}”]<\/p>\n Key phrases that Internet users respond to more often:<\/span><\/p>\n Phone phishing is even more dangerous than correspondence, because in this case it is easier for the fraudster to create conditions for urgent action, when the victim does not have time to think. And when a person is in a hurry, he often makes mistakes. <\/span><\/p>\n The topics that phone fraudsters cling to are similar to those we talked about in the previous paragraph, but other manipulations related to the need for an urgent solution may be added to them:<\/span><\/p>\n In addition, fraudsters use the “official call” method from banks, services or the police. They are presented by other persons and completely copy the style of official messages, so people usually believe them. <\/span><\/p>\n There are also cases when the victim is first sent a letter, and then additionally calls so that she is sure to open it and receive a \u201cTrojan horse\u201d (malicious software under the pretext of downloading a supposedly safe file).<\/span><\/p>\n [\/et_pb_text][et_pb_image src=”https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2023\/03\/image1.png” alt=”image1″ title_text=”image1″ _builder_version=”4.20.2″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” width=”92%” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.20.2″ text_text_color=”#333″ text_font_size=”16px” header_text_color=”#111″ global_colors_info=”{}”]<\/p>\n This method is similar to a \u201cTrojan horse\u201d. Only it consists in the fact that a physical medium (flash drive) is thrown to the victim, which activates a ransomware virus or a spy virus. The media has a good look, official logos to attract attention. It seems that someone loses it in public places: in a caf\u00e9, a co-working space, in a parking lot, in a sports club, a room for workers to change clothes\/smoking, etc. And when a person inserts the find into a personal \/ work device, he gets troubles, such as: blocking of programs, changes in databases, theft of passwords.<\/span><\/p>\n [\/et_pb_text][et_pb_image src=”https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2023\/03\/image5.png” alt=”image5″ title_text=”image5″ _builder_version=”4.20.2″ _module_preset=”default” module_alignment=”center” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” width=”92%” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.20.2″ text_text_color=”#333″ text_font_size=”16px” header_text_color=”#111″ global_colors_info=”{}”]<\/p>\n This method is not very simple and involves observing the victim in public places. And although everyone may think that they will be able to notice the person who is watching them in time, this is not always the case. Because attackers can work in a team, and one of them can distract the user’s attention, and the second can stand behind him. In this way, attackers can not only see the PIN code from the card (which a person enters at an ATM or at the checkout in a supermarket), but also spy on the two-factor authentication message code on the phone\/laptop screen.<\/span><\/p>\n In the second case, he works according to the following method: he receives the phone number of the victim, for example, in social networks. Then, while she’s standing somewhere in line, the scammer dials a password reset feature with a text message on her phone. Unsuspecting, a person takes out a phone, on the screen of which a message with a code appears. In this way, the attacker opens an account in social networks and gets access to all linked services.<\/span><\/p>\n [\/et_pb_text][et_pb_image src=”https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2023\/03\/image4.png” alt=”image4″ title_text=”image4″ _builder_version=”4.20.2″ _module_preset=”default” module_alignment=”center” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” width=”92%” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.20.2″ text_text_color=”#333″ text_font_size=”16px” header_text_color=”#111″ global_colors_info=”{}”]This method of attack involves creating such conditions that a person believes that he has serious problems. These can be issues related to bank accounts, insurance, equipment health, network access, etc. \u0417\u043b\u043e\u0432\u043c\u0438\u0441\u043d\u0438\u043a \u043c\u043e\u0436\u0435 \u0434\u0437\u0432\u043e\u043d\u0438\u0442\u0438 \u043a\u0456\u043b\u044c\u043a\u0430 \u0440\u0430\u0437\u0456\u0432, \u043d\u0430\u0437\u0438\u0432\u0430\u044e\u0447\u0438\u0441\u044c \u0456\u043d\u0448\u043e\u044e \u043b\u044e\u0434\u0438\u043d\u043e\u044e \u0456 \u0437\u0430\u043f\u0438\u0442\u0443\u044e\u0447\u0438, \u0447\u0438 \u0432\u0441\u0435 \u0433\u0430\u0440\u0430\u0437\u0434, \u043f\u0440\u043e\u043f\u043e\u043d\u0443\u044e\u0447\u0438 \u0437\u0430\u043f\u043e\u0432\u043d\u0438\u0442\u0438 \u0430\u043d\u043a\u0435\u0442\u0443, \u043f\u043e\u0442\u0456\u043c \u0441\u0432\u043e\u0457 \u043f\u043e\u0441\u043b\u0443\u0433\u0438. \u041a\u043e\u043b\u0438 \u043b\u044e\u0434\u0438\u043d\u0430 \u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0435\u0440\u0435\u043a\u043e\u043d\u0430\u0454\u0442\u044c\u0441\u044f, \u0449\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0438 \u0454, \u0432\u043e\u043d\u0430 \u0437\u0432\u0435\u0440\u0442\u0430\u0454\u0442\u044c\u0441\u044f \u0434\u043e \u0437\u043b\u043e\u0432\u043c\u0438\u0441\u043d\u0438\u043a\u0430, \u044f\u043a\u0438\u0439 \u043a\u0430\u0436\u0435, \u0449\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u0438\u0440\u0456\u0448\u0443\u0454\u0442\u044c\u0441\u044f \u043b\u0435\u0433\u043a\u043e, \u043f\u043e\u0442\u0440\u0456\u0431\u043d\u043e \u043b\u0438\u0448\u0435 \u043d\u0430\u0434\u0430\u0442\u0438 \u0434\u0435\u044f\u043a\u0456 \u0434\u0430\u043d\u0456 \u0430\u0431\u043e \u0432\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u0443. <\/span><\/p>\n An example of dialogue in a large company, where specialists from different departments hardly cross each other.<\/span><\/p>\n <\/p>\nWhat is social engineering<\/b><\/h2>\n
\nMethods used by fraudsters to obtain information<\/b><\/h2>\n
\n\n
Pretexting <\/b><\/h3>\n
Phishing<\/b><\/h3>\n
Phishing in correspondence<\/b><\/h4>\n
\n
Phone phishing<\/b><\/h3>\n
\n
Road apple<\/b><\/h3>\n
Shoulder surfing<\/b><\/h3>\n
Quid pro quo<\/b><\/h3>\n