OP 14 April, 2022 - 07:04 AM
(This post was last modified: 14 April, 2022 - 07:07 AM by Shizuru. Edited 1 time in total.)
Social engineering is a term used to describe the use of psychological techniques to gain access to information or to manipulate individuals. The term can be used to describe a number of different activities, including phishing, malware infection, and fraud. Social engineering can also be used to gather intelligence or perform reconnaissance.
Types of social engineering:
Pretexting:
Social engineering is a form of manipulation that takes place when an attacker uses social, verbal, or psychological means to gain access to their target. A social engineer can use pretexting, making it seem that the attacker is calling from a legitimate company, such as a bank or utility company. The attacker uses a pre-determined identity to create the illusion that he or she is calling from a trusted source.
Baiting:
Baiting is the act of obtaining information through deception. The attacker calls a company and poses as an employee or administrator. The caller may be able to obtain the target's confidential data, such as a password, by following through with the request. is the act of obtaining information through deception.
Phishing:
Phishing is the act of obtaining information through deception. The attacker impersonates a trustworthy source and sends an email asking for sensitive information, such as a password or credit card number. The attacker will often use a fake Web site to trick a user into entering login information.
Spearphishing:
Spearphishing is a form of phishing that uses email to trick the target into revealing sensitive data. The attacker sends an email posing as someone the victim knows and asks them to log in to a fake Web site.
Vishing: Vishing is the use of caller ID spoofing to trick a target into revealing sensitive information. The attacker calls the victim and identifies himself or herself as someone they know, such as an employee of the company.
Smishing:
Smishing is a form of phishing that uses SMS text messaging to trick the target into revealing sensitive information. The attacker sends an SMS text message posing as someone the victim knows and asks them to reveal sensitive data.
Conclusion
In conclusion, social engineering is the process of manipulating people into performing actions or divulging confidential information. It can be used to gain access to networks, systems, or data, or to gain the trust of individuals who have access to valuable information. While social engineering attacks can be sophisticated, there are some simple steps that you can take to protect yourself and your organization. Awareness and education are the best defenses against social engineering attacks.
![[Image: source.gif]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.giphy.com%2Fmedia%2FQWLY7CWzALQfSvJWIv%2Fsource.gif)
Types of social engineering:
Pretexting:
Social engineering is a form of manipulation that takes place when an attacker uses social, verbal, or psychological means to gain access to their target. A social engineer can use pretexting, making it seem that the attacker is calling from a legitimate company, such as a bank or utility company. The attacker uses a pre-determined identity to create the illusion that he or she is calling from a trusted source.
Baiting:
Baiting is the act of obtaining information through deception. The attacker calls a company and poses as an employee or administrator. The caller may be able to obtain the target's confidential data, such as a password, by following through with the request. is the act of obtaining information through deception.
Phishing:
Phishing is the act of obtaining information through deception. The attacker impersonates a trustworthy source and sends an email asking for sensitive information, such as a password or credit card number. The attacker will often use a fake Web site to trick a user into entering login information.
Spearphishing:
Spearphishing is a form of phishing that uses email to trick the target into revealing sensitive data. The attacker sends an email posing as someone the victim knows and asks them to log in to a fake Web site.
Vishing: Vishing is the use of caller ID spoofing to trick a target into revealing sensitive information. The attacker calls the victim and identifies himself or herself as someone they know, such as an employee of the company.
Smishing:
Smishing is a form of phishing that uses SMS text messaging to trick the target into revealing sensitive information. The attacker sends an SMS text message posing as someone the victim knows and asks them to reveal sensitive data.
Conclusion
In conclusion, social engineering is the process of manipulating people into performing actions or divulging confidential information. It can be used to gain access to networks, systems, or data, or to gain the trust of individuals who have access to valuable information. While social engineering attacks can be sophisticated, there are some simple steps that you can take to protect yourself and your organization. Awareness and education are the best defenses against social engineering attacks.
