Social Engineering

Social engineering is a manipulation technique used to deceive and persuade people to share confidential information, provide access to secure systems or perform actions detrimental to themselves or their organization. It can be seen as a form of psychological manipulation in which the attacker takes advantage of the victim’s weaknesses and human emotions.

How is social engineering applied?

Social engineering can be applied through various channels, such as e-mail, telephone, SMS, social media or personal contact.

Below are 10 examples of common social engineering attacks.



Phishing:

 An attacker sends an email or message with the goal of getting the victim to click on a malicious link, stealing sensitive information or installing malicious software.


Spear phishing
: a targeted phishing attack in which the attacker poses as a trusted source, such as the victim’s boss, to obtain sensitive information.


Pretexting:
 an attacker creates a fictitious situation or problem to make the victim think they need help, and then tries to obtain sensitive information.


Baiting:
 An attacker lures the victim with an enticing offer, such as a free gift card, to entice the victim to perform a certain action, such as entering personal information on a fake website.

Scareware: an attacker displays a warning on the victim’s screen stating that their computer has been infected with a virus or malware. The attacker then offers a solution to fix the problem, usually for a fee.


Vishing:
An attacker uses the phone to convince the victim to provide confidential information, such as passwords or bank details.


Smishing:
 an attacker uses text messages to convince the victim to click on a malicious link or provide confidential information.


Dumpster diving:
 An attacker searches through an organization’s garbage looking for information that can be used to break into the system or obtain sensitive information.


Shoulder surfing:
 An attacker looks over the victim’s shoulder to gain access to sensitive information, such as passwords or PINs.


Tailgating:
an attacker follows the victim through a secure entrance and uses access to the facility to steal sensitive information or cause damage.

It is important to remember that there are many forms of social engineering, and attackers are always trying to invent new ways to find vulnerabilities and obtain sensitive information. It is therefore essential that organizations make their employees aware of these tactics and train them to recognize suspicious messages and requests and to follow security procedures to protect themselves and their organization from social engineering attacks.

Preventing phishing attacksUser settings for AWS security audits