Social Engineering

Social Engineering Definition

Common Social Engineering Tactics

Social engineering tactics come in multiple types and use multiple vectors.

Email-based Attacks

Spam Definition
  • Spam: Unsolicited bulk emails sent out in the hopes of getting a few recipients to click on links or attachments.
Phishing Definition
  • Phishing: Fraudulent emails that appear to be from legitimate sources, attempting to trick the recipient into revealing sensitive information or performing an action.
Spear Phishing Definition
  • Spear Phishing: Targeted phishing attacks that are customized for a specific organization or individual.
Whaling Definition
  • Whaling: Highly targeted phishing attacks aimed at high-level executives and other privileged users.

Other Attack Tactics

Baiting Definition
  • Baiting: Leaving malicious physical media, like a USB drive, in a public place, hoping that the finder will insert it into a computer out of curiosity.
Piggybacking Definition
  • Piggybacking: Unauthorized physical access by following an authorized person through a restricted entry point.
Pretexting Definition
  • Pretexting: Creating a plausible pretext or scenario to convince a target to reveal sensitive information.

All of these tactics use deception to exploit human nature, manipulating people into giving up access or information that can be used for malicious purposes.

Identifying Social Engineering Attempts

Some common indicators of social engineering attempts are:

Education and training are key to helping employees and individuals recognize and report social engineering attempts.