Types of Social Engineering
There are many different types of social engineering attacks, each of which uses a unique approach to exploit human weaknesses and gain access to sensitive information. Here are some of the types of attacks, include:
- Phishing: Phishing is a type of social engineering attack that involves sending an email or message that appears to be from a legitimate source, such as a bank, in an attempt to trick the recipient into revealing their login credentials or other sensitive information.
- Baiting: Baiting is a type of social engineering attack that involves leaving a tempting item, such as a USB drive, in a public place in the hope that someone will pick it up and plug it into their computer. The USB drive is then used to infect the computer with malware.
- Tailgating: Tailgating is a type of social engineering attack that involves following an authorized individual into a secure area, such as a building or data center, without proper authorization.
- Pretexting: Pretexting is a type of social engineering attack that involves creating a false identity or situation in order to trick an individual into revealing sensitive information. For example, an attacker might pretend to be a customer service representative in order to trick an individual into giving them their login credentials.
- Vishing: Vishing is a type of social engineering attack that involves using voice phishing, or “vishing,” to trick individuals into revealing sensitive information over the phone.
- Smishing: Smishing is a type of social engineering attack that involves using SMS messages to trick individuals into revealing sensitive information or downloading malware.
Social Engineering – The Art of Virtual Exploitation
Social engineering uses human weakness or psychology to gain access to the system, data, personal information, etc. It is the art of manipulating people. It doesn’t involve the use of technical hacking techniques. Attackers use new social engineering practices because it is usually easier to exploit the victim’s natural inclination to trust. For example, it is much easier to fool someone to give their password instead of hacking their password. Sharing too much information on social media can enable attackers to get a password or extracts a company’s confidential information using the posts by the employees. This confidential information helped attackers to get the password of victim accounts.