Social engineering is a type of attack that targets human psychology, not a technical vulnerability.
Methods
- Vishing (fake phone call)
- Smishing (fake SMS)
- Pretexting (impersonation - e.g. IT support)
- Tailgating (entering the authorized door and passing along)
- Baiting (free USB memory release)
- Quid pro quo (information in exchange for a gift)
Typical Attack Scenarios
- "Bank customer service" call (fake)
- "IT department" password request
- "CEO" e-mail fraud (CEO fraud)
- "Immediate assistance needed nearby" scenario
In Companies Effect
- Big loss if employee training is inadequate
- CEO Fraud, millions of dollars lost
- Data leak
- Image damage
Related Crimes
- TCK art.158/1-f fraud with information system
- TCK art.135 recording of personal data
- TCK art.157 fraud
Prevention (Company)
- Regular employee training
- 2FA on all accounts
- Double confirmation system (large transfers)
- Security policies
- Phishing simulations
Prevention (Individual)
- Do not give password to suspicious searches
- Do not give passwords to suspicious searches
- Do not give passwords to suspicious searches review
- Do not share SMS code
- Confirm "urgent money" messages by phone
Supreme Court 23. CD
23. CD accepts that "organized and systematic" social engineering frauds constitute an organized crime and will lead to heavy penalties.
Cyber crimes lawyer is recommended.