Notes on Social Engineering Techniques

Misinformation and Disinformation

• Definition: Unlike opinions, misinformation and disinformation contain factually incorrect details intended to divide or confuse groups.
• Purpose:
  • Persuade belief in false truths.
  • Distract from true information damaging to a nation-state.

Influence Campaigns

• Location: Often found online, especially on social media.
• Actors: Commonly orchestrated by third-party governments or nation-states.
• Methods:
  • Spread through social media using influence campaigns based on political or social issues.
  • Utilize advertising not related to specific website visits.
  • Attackers use social media tools to create, share, and amplify misinformation.

Process of Misinformation

1. Creation of Fake Accounts:
   • Attackers create multiple fake user accounts.
2. Posting Content:
   • Post misinformation using a fake account on social media.
3. Amplification:
   • Use like, share, or follow options to spread the post.
   • Social media algorithms promote liked or shared posts.
4. Mass Media Engagement:
   • Once popular, mass media may cover the misinformation, increasing its reach.

Brand Impersonation Technique

• Use of Brand Names:
  • Attackers create fake sites using recognizable brand names (e.g., Coca-Cola, McDonald's).
• Search Engine Exploitation:
  • Google indexes these fake sites.
  • Users searching for brands might end up on impersonated sites.
• Outcome:
  • Users may encounter pop-ups offering software downloads.
  • Downloads likely contain malware, leading to infections.
  • Possible consequences:
    • Ad displays.
    • Site tracking.
    • Data exfiltration to attackers.