How are Socially Engineered Cyber Security Attacks Executed?

Socially engineered cyber security attacks are designed to target individuals online based on their insecurities. These Trojan virus containing files have names that catch one’s attention and compel them to run the program or download the file. Viruses such as Mydoom and LoveLetter were some of the early and devastating iterations of this type of cyber attacks.

Points of Contact

These engineered Trojans are distributed and designed in ways that appeal to the intended targets.

Some of the common platforms where these viruses are distributed:

• SMS (For infecting mobile devices)
• E-mails
• ICQs
• Internet Chat Rooms

With the help of a very ingenious message which lures people to click on the infected link, the Trojan Virus infiltrates the device and bypasses the system’s Mail security Protocols.

But these techniques are not only limited to communication platforms. Infected websites also deliver these types of Engineered Trojans to a user’s device. For example, a ‘pop-up’ or a banner ad usually flashes a message such as ‘Your PC is Slow’ or ‘You are Infected, Download Antivirus’ which if clicked prompts you to download a file, presumably of an antivirus. But that is when disaster strikes. The moment you download the file and run it, the Trojan enters your device and completely infects it.

Psyche of the Crime

The cyber criminals who create and design these types of viruses, try and out think the average user. They think of scenarios that will encourage unsuspecting users to click an infected file or download the virus and at the same time not report it.

They use corporate databases to send fake emails to employees and in those emails promise them lucrative job opportunities. Once the employee opens the email or downloads the file, his system inadvertently becomes infected. This puts the person infected in a box as he won’t be able to explain the infection as he would be exposed to searching for other jobs in the audience of his colleagues.

 In peer to peer messaging, the file names used to disguise the virus appeal to the users so they download and run it. Names like Porn.exe, CreditCardGenerator.exe, MicrosoftOfficeKeyGenerator.exe are used and prove quite effective.

Disguising the virus by using compelling file name is a trick that is universal to all Socially engineered viruses. Often even the icons are morphed to resemble other trusted file formats such as Adobe, MS word etc.

These small changes to the file names, icons, and messages help the cyber criminals to distract the targets from the true nature of the file and create a kind of trust that leads to them downloading the virus.

It is therefore important to maintain certain ground rules when on the internet:

• Do not open Links from un-trusted sources
• If some offer seems too good to be true, it is most likely a trap
• Do not download files from untrusted sites
• Always use best virus protection