Social engineering is a class of information security attack that relies on human interaction rather than on a technical exploit: the attacker manipulates people into revealing confidential or sensitive information, or into taking an action (opening an attachment, plugging in a device, holding a door) that gives the attacker access.
Phishing, a malicious e-mail that impersonates a trusted sender, is the most common type of social engineering attack.
Below is an example of the social engineering red flags to look for in an e-mail:
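As an added example (not part of the original page, which does not reproduce the e-mail it refers to here), the script below scans a raw e-mail for several widely cited phishing red flags: a display name that claims a different address than the real sender, a Reply-To that routes answers to a third domain, a sender or link host that merely resembles the organisation's own domain, link text that disagrees with the link target, and pressure wording in the subject or body. The trusted domain contoso.com, both sample messages and every address and host in them are constructed for illustration; the checks use only the Python standard library.

```python
"""Scan a raw RFC 5322 e-mail for common phishing red flags (added example).

Assumptions: the organisation's real domain is contoso.com, and the two
sample messages below are constructed; they are not real mail.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

TRUSTED_DOMAIN = "contoso.com"  # assumption: the organisation's legitimate domain
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify your account",
                 "within 24 hours")

# Constructed phishing sample: the display name shows a contoso.com address,
# but the real sender, the Reply-To and the link all point elsewhere.
SAMPLE_EMAIL = """\
From: "IT Support <helpdesk@contoso.com>" <helpdesk@contoso-mail-security.net>
Reply-To: reset-team@mail-reset-center.com
To: alice@contoso.com
Subject: URGENT: your mailbox will be suspended within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Verify your account immediately:</p>
<p><a href="https://contoso.com.login-portal.xyz/reset">https://contoso.com/reset</a></p>
</body></html>
"""

# Constructed legitimate sample for comparison: nothing should be flagged.
CLEAN_EMAIL = """\
From: "IT Support" <helpdesk@contoso.com>
To: alice@contoso.com
Subject: Monthly IT newsletter
Content-Type: text/html; charset="utf-8"

<html><body>
<p>This month's updates are on the intranet:</p>
<p><a href="https://intranet.contoso.com/news">https://intranet.contoso.com/news</a></p>
</body></html>
"""


def _domain_in(text: str) -> str:
    """Return the first e-mail domain that appears in free text ('' if none)."""
    m = re.search(r"@([A-Za-z0-9.-]+)", text)
    return m.group(1).lower() if m else ""


def _is_trusted_host(host: str) -> bool:
    """True only for the trusted domain itself or a genuine subdomain of it."""
    host = host.lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def find_red_flags(raw: str) -> list:
    """Return human-readable red flags found in one raw e-mail message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []

    from_hdr = msg.get("From")
    sender = from_hdr.addresses[0] if from_hdr and from_hdr.addresses else None
    from_domain = sender.domain.lower() if sender else ""

    # 1. Display name shows one address/domain while the real sender is another.
    name_domain = _domain_in(sender.display_name) if sender else ""
    if name_domain and name_domain != from_domain:
        flags.append(f"display name claims {name_domain} but sender is {from_domain}")

    # 2. Reply-To sends replies to a different domain than the From address.
    reply_hdr = msg.get("Reply-To")
    if reply_hdr and reply_hdr.addresses:
        reply_domain = reply_hdr.addresses[0].domain.lower()
        if reply_domain != from_domain:
            flags.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. Sender domain borrows the brand name without being the trusted domain.
    brand = TRUSTED_DOMAIN.split(".")[0]
    if from_domain and not _is_trusted_host(from_domain) and brand in from_domain:
        flags.append(f"sender domain {from_domain} looks like {TRUSTED_DOMAIN} but is not")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""

    # 4. Link text shows one host while the href goes to another, or to a
    #    lookalike host that contains the trusted domain as a prefix.
    for href, anchor in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', text, re.I | re.S):
        href_host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"https?://([^/\s<]+)", anchor)
        shown_host = shown.group(1).lower() if shown else ""
        if shown_host and shown_host != href_host:
            flags.append(f"link text shows {shown_host} but points to {href_host}")
        if href_host and not _is_trusted_host(href_host) and TRUSTED_DOMAIN in href_host:
            flags.append(f"lookalike link host {href_host}")

    # 5. Pressure wording in the subject or the (tag-stripped) body.
    haystack = (str(msg.get("Subject", "")) + " " + re.sub(r"<[^>]+>", " ", text)).lower()
    hits = [w for w in URGENCY_WORDS if w in haystack]
    if hits:
        flags.append("urgency/pressure wording: " + ", ".join(hits))

    return flags


if __name__ == "__main__":
    for flag in find_red_flags(SAMPLE_EMAIL):
        print("RED FLAG:", flag)
    print("clean message flags:", find_red_flags(CLEAN_EMAIL))
```

Each check is deliberately simple string logic; a mail gateway would combine such signals with SPF/DKIM/DMARC results rather than block on any one of them, and a user-awareness page can use the same list as the things to look at before clicking.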
Non-E-Mail Social Engineering Attacks:
• Pretexting: The attacker invents a plausible scenario (the pretext) to justify a request, for example calling an employee while claiming to be someone with authority, such as the CIO, and asking for information or credentials.
• Vishing: Voice phishing; the same deception as phishing, but carried out over the phone.
• Smishing: Phishing over SMS; the attacker sends text messages that ask for personal information or link to a website that delivers malware.
• Baiting: Exploits human curiosity, for example leaving a USB drive where someone will find it, in the hope that they plug it into a PC and give the attacker access to confidential information.
• Shoulder surfing: Someone watches over your shoulder to capture personal information, such as a password, or a PIN at an ATM.
• Tailgating: An attacker enters a restricted area by closely following someone who has legitimate access through the door.
• Watering hole: The attacker identifies one or more websites that a target user or group visits regularly, probes those sites for weaknesses, and injects malicious code so that visitors' systems are infected.
• Dumpster diving: The attacker searches through discarded trash for sensitive information.