Greetings,
🖧Post 1/2025: How do cyber-criminals target you? A peek into social engineering.
Cybercrimes form a distinct category when contrasted with traditional crimes, owing to their peculiarities and unpredictable modus operandi. Cybercrimes are transnational and can target any user anywhere in the world. Cybercriminals mostly use ‘psychological manipulation’ techniques to establish a connection with their targets. The trending cyber-fraud of ‘digital arrest’ is a classic example. This manipulation technique is known as ‘social engineering’.
Through social engineering, the perpetrators gain hold of the victim’s personal data, credentials and access to their devices, and trick individuals into sharing other sensitive information about themselves, which is later used for blackmail or extortion. Honey-traps, digital arrest, phishing, whaling (a more detailed attack as compared to phishing) and data compromises are some usual examples of social engineering in cybercrime.
⚠ Modus Operandi of Social Engineering?
(Figure 1: The Modus Operandi)
Step I: The perpetrators identify the victims by contacting them on social media platforms or via emails or phone calls. Here, they research the user they want to target, gathering background information, vulnerabilities and the resource they want to exploit.
Step II: The perpetrator establishes a connection with the target by creating a fake scenario that engages the victim, dominating the conversation, identifying the victim’s weaknesses and reassuring them so as to start gaining their trust.
Step III: The perpetrators show commitment towards the victim, gaining their trust so completely that the victim will blindly follow their instructions. In some cases, this stage also includes blackmail and extortion.
Step IV: The cybercriminals may submit fake proofs of authenticity and even make it appear that people known to the victim have been involved in this transaction and that it is safe for the victim to use as well.
Step V: Execution and exit are usually carried out together. Once the victim has finally given the information and personal data required by the cybercriminals, they cover their tracks, stop contacting the victim and exit in a suspicious way, leaving the victim with the loss.
Takeaways:
One of the greatest dangers of social engineering is that the attacks don’t have to work against everyone: A single successfully fooled victim can provide enough information to trigger an attack that can affect an entire organization.[1]
Dos and Don’ts:
Basic steps and vigilance can be of great help in preventing these social engineering attacks on yourself.
Avoid establishing contact with unknown persons/users;
Always check the validity of the source from which an email is sent;
Be VIGILANT;
Avoid URLs that do not begin with HTTPS;
Be careful of phone calls and emails asking for your personal data, and be aware of impersonation;
Never respond to any message making URGENT REQUESTS;
Never use unknown USBs, and never click on or download materials from unfamiliar websites or senders.
[1] CISCO, What is Social Engineering? (https://www.cisco.com/c/en/us/products/security/what-is-social-engineering.html)