Samples of Social Engineering Attacks

8.3 Samples of Social Engineering Attacks

Let us first take a look at some common types of spam messages. These are examples right out of the spam folder in one of our email accounts.

Sample 1: Canadian Lottery
Sample 2: FBI E-Mail Sample
Sample 3: Online Banking

8.3.1 Canadian Lottery

The first example is a common scam which advertises that the recipient is the winner of the Canadian Lottery.

It appears we have won $840,000, but we need to open the attachment to see the details. Before opening this attachment, we download and scan it with our local antivirus solution. The scan comes up clean, but we always prefer to be doubly safe, so we also submit it to VirusTotal for a further review.

Once we know it is clear, we can go ahead and open the attachment.

Surprisingly enough, we have not bought a lottery ticket. We just took the most roundabout way to prove that this email was not legitimate, but would most people do the same verification? Would someone who is suffering financially mind sending such information just in case they won? This is exactly what the scammers are hoping for.

8.3.2 FBI E-Mail Sample

Oh no, the FBI has sent me an email!

The Director of the FBI, Mr. Mueller, wants me to send $200 and my personal information to Mr. Paul Smith. We should rest assured that it is legitimate, since the FBI was involved... (wink, wink)... wait a minute! This says the email came from Mr. Mueller at the FBI. We can verify that by looking at the message headers in the email. Let's take a quick look.

According to the headers, the Reply-To: address for this message is paulsmith6@gala.net. That is funny; we thought we were supposed to send our message to paulsmith4@gala.net. Why would the FBI have me contact a guy overseas to give him $200 and my personal information?

8.3.3 Online Banking

These were just a couple of emails out of my spam folders. Other emails can be even more convincing, as they have bank logos and official-looking content.

The link does not go to BOA, but to thesochtimes.com. This is another way that tricksters can fool the unknowing masses: making the link look official, but redirecting the victim to a page that is owned by them. The page would look real, but ultimately the person is just giving up their banking information.
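The two manual checks above (the Reply-To header in the FBI sample and the real link target in the banking sample) can be automated when triaging reported mail. The following Python code is an added example, not part of the original page; the From address, subject and visible link text in the sample message are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample. Only the gala.net Reply-To address and thesochtimes.com
# come from the page; the From address and visible link text are placeholders.
SAMPLE = '''From: "FBI Director" <director@fbi.example>
Reply-To: paulsmith6@gala.net
Subject: Urgent
Content-Type: text/html

<a href="http://thesochtimes.com/login">https://www.bank.example/login</a>
'''

class Links(HTMLParser):
    """Collect (href, visible text) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def audit(raw):
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    # 1. Replies routed to a domain other than the claimed sender's.
    if reply and reply.rpartition("@")[2] != sender.rpartition("@")[2]:
        findings.append(("reply-to-domain", reply))
    # 2. Links whose visible text names a different host than the href.
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        shown = re.search(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text, re.I)
        actual = re.sub(r"^www\.", "", urlparse(href).hostname or "")
        if shown and shown.group(1).lower() != actual:
            findings.append(("link-host", f"{shown.group(1).lower()} -> {actual}"))
    return findings
```

Calling `audit(SAMPLE)` reports both the Reply-To domain mismatch and the link whose displayed host differs from its destination. A message with matching domains and plain link text such as "Sign in" produces no findings.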
