Social Engineering

Social engineering is a type of information security attack that relies heavily on human interaction, tricking users or manipulating people into revealing confidential and sensitive information.

Malicious e-mail, or phishing, is the most common type of social engineering attack.

Below is an example of social engineering red flags in an email:

Non-E-Mail Social Engineering Attacks:

•    Pretexting: Someone calls an employee and pretends to be someone in power, such as the CIO.

•    Vishing: Just like phishing, but done over the phone.

•    Smishing: Attackers send SMS messages and attempt to acquire personal information or send the user to a website with malware.

•    Baiting: Exploits human curiosity, such as leaving a USB drive lying around in the hope that someone will pick it up and insert it into a PC, giving the attacker access to confidential information.

•    Shoulder surfing: A person looks over your shoulder to obtain personal information, such as a password, or a PIN at an ATM.

•    Tailgating: An attacker will seek entry to a restricted area by closely following behind someone with legitimate access.

•    Water holing: An attacker identifies a website or websites that a user or a group of users often visits, then probes the target website for weaknesses in order to inject malicious code that infects a visitor’s system.

•    Dumpster diving: An attacker goes through the garbage to try to find sensitive information.