Social Engineering Attacks

Social engineering attacks target the most vulnerable part of any system: people!

They involve psychological manipulation to make the target reveal confidential information or perform some action.

Phishing typically involves fraudulent emails that appear to come from a legitimate business (Amazon, a bank, a credit card company, etc.) and contain links to a fraudulent website that seems legitimate. Users are told to log in to the fraudulent website, which hands their login credentials to the attacker.

  • spear phishing is a more targeted form of phishing, e.g. aimed at employees of a certain company.

  • whaling is phishing targeted at high-profile individuals, e.g. a company president.

Vishing (voice phishing) is phishing performed over the phone.

Smishing (SMS phishing) is phishing using SMS text messages.

Watering hole attacks compromise sites that the target victim frequently visits. If a malicious link is placed on a website the target trusts, they might not hesitate to click it.

Tailgating attacks involve entering restricted, secured areas by simply walking in behind an authorized person as they enter. Often, the target will hold the door open for the attacker to be polite, assuming the attacker is also authorized to enter.
