What is Social Engineering

Social engineering is a psychological manipulation technique used by threat actors (and by manipulators in general) to deceive individuals into revealing confidential information, granting access to systems, or performing actions that compromise security.
Goals:
Gain unauthorized access to systems or data
Steal identities or login credentials
Trick targets into performing actions unknowingly
Common Types of Social Engineering Attacks
1. Phishing
Deceptive emails, fake websites, or text messages used to steal information such as usernames, passwords, or credit card numbers.
2. Spear Phishing
A more targeted and personalized phishing attack. The attacker gathers information about the victim to appear more credible.
3. Vishing (Voice Phishing)
Scams conducted through phone calls. The attacker may pretend to be from customer support, banks, or authorities.
4. Pretexting
Creating a false scenario to obtain information. Example: posing as IT staff to ask for login credentials.
5. Baiting
Luring victims with something tempting, such as a free USB or a downloadable file, which may contain malware.
6. Tailgating
Following someone into a restricted area without authorization, commonly used in physical security breaches.
Why Social Engineering is Still Used
From a penetration tester's point of view, social engineering is still one of the most common ways to find initial access, and criminals use it for the same purpose before hacking, ransomware, blackmail and other harmful activity. Social engineering attacks individuals, not systems: even a sophisticated system can be penetrated if its employees are fooled. When an attacker cannot break into the system directly, the people around it become the target. For example, the attacker performs OSINT on employees and finds information such as email addresses, schools, hobbies and birth dates. That information becomes the gap through which the attacker looks for possible access. If the target is successfully deceived, the attacker goes deeper: credential stuffing, searching for further access, and stealing data. The end goal depends on motivation; some attackers do this to steal money, some to gain initial access, some to conduct espionage, and so on.
How to Prevent?
Don't trust unsolicited requests for personal or sensitive information
Verify the identity of senders or callers
Be cautious with suspicious emails or links
Enable two-factor authentication (2FA) wherever possible
Educate and train individuals or employees regularly