CompTIA CySA+ CS0-003: Other malicious indicators

Besides network-, host-, and application-related malicious indicators, there are other malicious indicators, which are based on social engineering attacks. Social engineering attacks target people: someone may call you or befriend you to get inside a building or to obtain some sort of information. Most social engineering attacks today are a form of phishing (whaling, vishing, smishing). There are also physical forms of social engineering attack, such as tailgating and shoulder surfing.

Phishing is simply using email to lure victims into either sharing certain information or clicking on an attachment or a link that installs malware. The most commonly used tactic in phishing is the obfuscated link, where the URL has been modified to conceal the actual location of a website or server. Bad URLs are usually detected and caught, but an obfuscated URL can evade that detection. There are countless ways to obfuscate URLs, such as using URL shorteners, redirecting, doppelganging, and mixing. This is why a lot of companies use multifactor authentication, so that even if your password is compromised, you are safe, even after clicking on a malicious website that looks like a legitimate PayPal site. However, the best way to prevent this is to read the email carefully and never click on any links. It’s best to type the actual URL yourself instead of clicking whatever is in the email.

The most common indicators of phishing attempts, or of any social engineering, are words that raise urgency, like “must pay now, urgent, alert, account will delete, etc.”; links that state “click here now”; spelling and grammatical errors; any attachments; and unknown senders.
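
As an added example (not part of the original notes), the indicators listed above can be turned into a triage check that flags a raw email for analyst review. The function name, the shortener list, the idea of a known-sender allowlist, and the sample message are assumptions made for illustration; spelling and grammar checks are left out.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse
URGENCY = ("must pay now", "urgent", "alert", "account will delete")  # phrases from the text
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed sample list; extend locally
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def phishing_indicators(raw, known_senders):
    """Return sorted names of the indicators found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    found = set()
    addrs = msg["From"].addresses if msg["From"] else ()
    if not addrs or addrs[0].addr_spec.lower() not in known_senders:
        found.add("unknown_sender")
    if next(msg.iter_attachments(), None) is not None:
        found.add("attachment")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if any(p in f"{msg['Subject'] or ''} {text}".lower() for p in URGENCY):
        found.add("urgency_wording")
    for href, label in LINK_RE.findall(text):
        host = re.sub(r"^www\.", "", (urlparse(href).hostname or "").lower())
        label = re.sub(r"<[^>]+>", "", label).strip().lower()
        if "click here" in label:
            found.add("click_here_link")
        if host in SHORTENERS:
            found.add("shortened_url")
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", label)  # link text that looks like a domain
        want = re.sub(r"^www\.", "", shown.group(0)) if shown else host
        if host and host != want and not host.endswith("." + want):
            found.add("link_text_mismatch")  # displayed domain differs from the real target
    return sorted(found)

SAMPLE = """\
From: Billing <billing@paypa1-support.example>
Subject: URGENT: must pay now or account will delete
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<a href="https://bit.ly/EXAMPLE">Click here now</a> or
<a href="https://secure-login.example/pp">www.paypal.com</a>
--b1
Content-Disposition: attachment; filename="invoice.pdf"

placeholder
--b1--
"""  # constructed sample message, not real traffic; .example hosts are placeholders
```

Calling `phishing_indicators(SAMPLE, {"billing@corp.example"})` reports all six checks for the constructed message; a hit is a reason to look closer, not proof of phishing.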