Social Engineering is an approach to manipulate people to perform an activity or to disclose information, primarily through misrepresentation, and often relies on human’s trusting nature. In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem legitimate, unassuming and respectable, possibly claiming to be an employee, repair person, or researcher and even offering credentials to support that identity. The goal of a social engineering attack is to trick the victim into providing valuable information or to gain access to that information. The attacker exploits the common human behavior, such as the desire to be helpful, the attitude to trust people and the fear of getting in trouble.
Impersonation :The attacker or the perpetrator pretends to be someone else (a senior official or someone from the help desk). The impersonation may occur over the telephone, in person, or via email. The perpetrator may try to establish a perceived familiarity or make you feel under pressure to obtain information to which he/she is not entitled
Tailgating/ Piggybacking : Following common courtesy practices, an employee may hold the door open for someone entering a secure area or the building without even knowing who the individual is or asking where they are going. The unauthorized individual may pre-tend to be a delivery person, a visitor, or even a fellow employee. Be cautious if an unknown or unauthorized individual is trying to follow you through access doors. Ask for their IDs if suspicious
Phishing : Phishing attacks uses electronic communication medias such as email and websites to induce computer users into revealing confidential/personal information such as usernames, passwords, or credit card by masquerading as a trustworthy entity. Mostly the objective of phishing is to steal personal identification information relating to financial...
Please join StudyMode to read the full document