**In Bangladesh,** the figure below lists the top cyber threats of Bangladesh. Going through the behaviour of all of these threats, it is clear that most of them occur because of social engineering factors.

(Figure: top cyber threats of Bangladesh)

**What Is Social Engineering**

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. In terms of information security, the social engineering attack is one of the most common phenomena, given our IT behavioural patterns.

**How Attacks Relate to Social Engineering**

__1 Spam Email__ Phishing is the most common type of attack that features social engineering. The target receives a spam email spoofed to look like it was sent by a company or organization the target trusts.

__2 Ransomware__ Ransomware is a type of social engineering that criminals use to infect computers, infiltrate company networks and steal data.

__3 Phishing__ Phishing is the most common type of attack that features social engineering.

__4 Malware__ When malware creators use social engineering techniques, they can lure an unwary user into launching an infected file or opening a link to an infected website. Many email worms and other types of malware use these methods.

__5 Information Leakage__ It might happen through social engineering.

__6 Insider Threat__ Social engineering is a method that uses interaction between humans to gain access to a system in an illegal way. Due to staff's lack of confidentiality, the confidentiality of records is compromised, data is stolen or financial damage is done. This is the insider threat.

__7 Identity Theft__ In identity theft terms, 'social engineering' is the act of influencing someone to become an identity theft victim through social tactics. Though complex methods are used, the goal remains the same: the identity thief tries to trick you into giving up sensitive information about yourself.
__8 Web Based Attack__ Might occur through social engineering (phishing, baiting).

__9 Data Breach__ A breach can result from any human mistake or manipulation.

__10 Denial of Service__ DDoS is expedited by botnets.

__11 Web Application Attack__ Might occur through social engineering (phishing, baiting).

__12 Botnet__ A botnet that exploits social engineering attacks to spread bots in social networks has become an underlying threat.

__13 Cryptojacking__ Cryptojacking is a common form of social engineering, which exploits victims' psychological vulnerabilities.

__14 Physical Manipulation__ Mostly through social engineering.

__15 Cyber Espionage__ Cyber espionage is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information.

**Common Social Engineering Behaviours**

**Phishing, Spear Phishing and Whaling**

__Phishing__ is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution, to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. It's a cyber-attack that uses disguised email as a weapon.

__Spear phishing__ is the act of sending emails to specific and well-researched targets while purporting to be a trusted sender.

__Whaling__ A whaling attack is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at the organization. It is also known as CEO fraud.

Phishing campaigns don't target victims individually; they're sent to hundreds, sometimes thousands, of recipients. Spear phishing, in contrast, is highly targeted and aimed at a single individual.

* __Baiting__ Baiting is phishing's devious cousin.
As the name suggests, baiting involves luring an unsuspecting victim with a highly attractive offer, playing on fear, greed and temptation to make them part with personal sensitive data such as log-in details. Baiting attacks are not restricted to online schemes, either: attackers can also exploit human curiosity through the use of physical media.

* __Botnet__ A botnet is a number of Internet-connected devices, each of which is running one or more bots. Through this network of zombie computers infected with malicious software, attackers launch distributed denial-of-service attacks, steal data, send spam, and gain access to each device and its connection.

* __Ransomware__ Malicious software that infects your computer and demands a fee (ransom) for your system to work again. It can be installed through email, instant messaging or websites, and can lock a computer screen or encrypt important, predetermined files.

**Best Practices to Avoid Social Engineering for IT Administrators**

* Keep the operating system and installed software up to date.
* Regularly uninstall software that is no longer used.
* Use an antivirus program from a reputable company.
* Patch IT infrastructure components on a regular, scheduled basis.
* Ensure backup management and disaster recovery where possible.
* Use the necessary network protections (firewall), antivirus and other security tools.
* Equip your organization's computers with antivirus, data loss prevention and antispyware software, and update them regularly.
* Protect all pages of your public websites, not just the payment and registration pages.
* Educate employees on cyber threats and how to protect your organization's data.

**Best Practices to Avoid Social Engineering for Everyone**

* Don't trust the display name or email subject. Don't reply to that mail. Look, but don't click any link or attachment from an unknown sender.
* Don't give out personal or company confidential information.
* Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines.
* Review the signature. Legitimate businesses always provide contact details.
* Use strong passwords. Always use two-factor or multi-factor authentication. Never use default passwords.
* Prohibit the use of public WiFi hotspots.
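As an added example (not part of the original article), the advice above on display names, subject lines and links from unknown senders can be turned into a small screening script; it also adds one check the article does not mention, a Reply-To header on a different domain from the sender. The sample message and every domain in it are constructed placeholders, and KNOWN_SENDER_DOMAINS is an assumed allow-list of domains the reader already trusts.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: the display name is written like a bank address, but the
# real sender and Reply-To sit on other domains, the subject pushes urgency and
# the body carries a link. All domains are placeholders.
SAMPLE_EMAIL = """\
From: "support@example-bank.test" <alerts@mail-example-login.test>
Reply-To: recovery@another-domain.test
Subject: URGENT: your account will be suspended within 24 hours
Content-Type: text/plain

Dear customer, verify your account immediately at http://mail-example-login.test/verify
"""

KNOWN_SENDER_DOMAINS = {"example.test"}  # assumption: domains the reader already trusts
URGENCY = re.compile(r"\b(urgent|immediately|suspend\w*|within \d+ hours?)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def phishing_indicators(raw: str) -> list[str]:
    """Return the article's warning signs found in one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = domain_of(addr)
    findings = []
    # 1. "Don't trust the display name": a name written like an address on another domain.
    if domain_of(name) and domain_of(name) != sender_domain:
        findings.append(f"display name claims {domain_of(name)} but sender is {sender_domain}")
    # 2. Replies silently go elsewhere when Reply-To is on a different domain.
    reply_domain = domain_of(parseaddr(str(msg.get("Reply-To", "")))[1])
    if reply_domain and reply_domain != sender_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from sender {sender_domain}")
    # 3. "Beware of subject lines": urgency or fear wording.
    if URGENCY.search(str(msg.get("Subject", ""))):
        findings.append("subject uses urgency or fear wording")
    # 4. "Don't click any link from an unknown sender".
    body_part = msg.get_body(preferencelist=("plain",))
    links = URL.findall(body_part.get_content() if body_part else "")
    if links and sender_domain not in KNOWN_SENDER_DOMAINS:
        findings.append(f"{len(links)} link(s) in mail from unknown domain {sender_domain}")
    return findings

if __name__ == "__main__":
    print(*phishing_indicators(SAMPLE_EMAIL), sep="\n")
```

Running it on the sample prints four warnings; a mail from a known domain with no urgency wording and a plain display name produces none.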