Also called “quid pro quo” attacks, scareware attempts to trick people into taking action by suggesting that if they do the requested action, they will avoid harm. For example, a scareware attack might suggest that a user’s computer is infected with a virus and that clicking on the link will erase the infection; but in reality, it deploys the malware.
Whether these occur digitally or physically, they follow the same pattern. Pretexting is when a malicious attacker does research, creates a viable story, and then pretends to be someone who would otherwise be viewed as legitimate.
For example, cyber criminals might impersonate:
- IT Staff
- Customer service representatives
- Survey takers
A highly strategic and risky social engineering attack is farming or hunting, where the cyber criminal forms a relationship with the victim and develops a relationship over time. While this might be riskier because the victim may realize the criminal is acting, it also has a larger payout because it builds a stronger foundation of trust.