Home Security
PC Matic
PC Matic VPN
More Products
Support Unlimited
Identity Theft Protection
PC Magnum
Threat Awareness
How PC Matic Protects You
SuperShield Whitelist
Compare PC Matic
Norton
McAfee
Avast
AVG
Business Protection
PC Matic Pro
PC Matic MSP
Solutions
Allowlisting
Script Enforcement
Device Control
Patch Management
Remote Tools
Integrations
Server Security
Learn More
Resellers
Affiliates
Resources
Case Studies
Compare PC Matic Pro
ThreatLocker
Airlock Digital
VMware Carbon Black
AppLocker
For Federal
Partner Programs
Managed Service Providers
Channel Partners
Affiliate Partners
OEM Partners
Resource Center
All Resources
Case Studies
Data Sheets
User Guides
White Papers
Blog Resources
PC Matic Blog
Business Security
Home Security
Cyber News
Scam Alerts
Customer Service
Home Support
Business Support
Learn More
Getting Started
Knowledgebase
Tech Support Scams
Fake Virus Scams
Tools & More
Ransomware Center
Internet Speed Test
PC Matic
About
Careers
Learn More
Industry Recognition
Leadership
Commercials
Stay Up-to-Date
Newsroom
Blog
Events
TechTalk Podcast
Home Customers
My Account
PC Matic App
Add a Device
Renew Subscription
Business Customers
Business Login
Business Support
Search

The Seven Deadly Social Engineering Vices

The Seven Deadly Social Engineering Vices

By Stu Sjouwerman, for KnowBe4.com Security Awareness Training

You may not be aware that there is a scale of seven deadly vices connected to social engineering. The deadliest social engineering attacks are the ones that have the highest success rates, often approaching 100%. What is the secret of these attacks, how come they succeed so well?

Your own observations show you that people are very different. Some are always enthusiastic and willing to learn something new. Others are more conservative but courteous to their co-workers. A bit further down this scale are people that always looks like they are bored with life and then at the bottom are those who just don’t care and basically are in apathy about everything.

Successful social engineers first determine where their target is on this scale, and then select an attack that will have the highest degree of success with that person, trying to closely match their target’s look on life.

This scale of vices can be approached from either a negative or positive side. You can either call it gullibility or you can call it trust, call it greed or self-interest, but since we’re talking vices here we’ll stick to the negative labels.

Here are seven social engineering attacks that I hope are a good example of each one of the deadly vices, but note there is always overlap and things are not that clear-cut. We are dealing with humans after all!

Curiosity:

The attacker left a USB stick next to the washing basin in the restroom of the floor that had the executive offices and their administrative assistants. It was clearly marked ‘Q1 Salary Updates’. The USB drive had modified malware on it that installed itself and called home from any workstation it was plugged into. This attack was 90% effective.

Courtesy:

The attacker focused in on the CEO of his target company. He did his research, found the CEO had a relative battling cancer and was active in an anti-cancer charity. The attacker spoofed someone from the charity, asked the CEO for his feedback on a fund-raising campaign and attached an infected PDF. Mission achieved, the CEO’s PC was owned and the network followed shortly after. And of course holding the door open for a stranger with his hands full of boxes is a classic ‘Courtesy’ piggybacking example that we all know.

Article continued here

This excerpt appears with permission from knowbe4.com.

Stop Responding to Threats.
Prevent Them.

Get Protected

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles