Social engineering is used by attackers in various ways. Below are some common tactics used in social engineering:
Phishing: Attackers send fake emails or messages pretending to be trustworthy sources to trick recipients into revealing passwords, financial information, or clicking on malicious links.
Pretexting: Attackers create fabricated scenarios or stories to gain victims' trust, often pretending to be someone authoritative or in need of help to extract sensitive information.
Baiting: Attackers offer something enticing, like a free download, to lure victims into downloading malicious software that can steal data or compromise their systems.
Impersonation: Attackers pretend to be someone the victim knows or trusts, exploiting personal relationships to extract information or influence actions.
Quid Pro Quo: Attackers promise something in return for information or assistance, often exploiting people's desire for rewards to manipulate them.
Emotional Pull: Manipulating emotions to gain trust or sympathy, such as creating a connection with the victim to make them more likely to share sensitive information.
Urgency: Creating a sense of immediate importance or crisis to pressure victims into making quick decisions or revealing information without thinking.
Free Stuff: Offering something for free to entice victims into taking actions they wouldn't normally do, like clicking on links or downloading malicious files.
Blackmail/Extortion: Threatening to reveal embarrassing, damaging, or private information about the victim unless they comply with the attacker's demands.
Watering Hole: Attackers target websites or online places that a specific group frequently visits. They infect these sites with malware to compromise the visitors' devices, taking advantage of the trust users have in those websites.
Physical Access: Attackers use direct physical contact or manipulation to gain unauthorized access to a location or device. This might involve posing as a maintenance worker, tailgating through secure doors, or stealing devices to extract sensitive information.
Tags:
Social Engineering