23/04/2025
Social Engineering Attacks are methods attackers use to trick people into giving up confidential information or access, or into performing actions that compromise security. Instead of targeting systems, they exploit human psychology. Here are some common types:
1. Phishing
Fake emails or messages designed to look like they're from trusted sources, tricking users into clicking malicious links or sharing sensitive info (e.g., passwords, credit cards).
2. Spear Phishing
A more targeted form of phishing where attackers customize their messages for a specific individual or organization to make them more convincing.
3. Vishing (Voice Phishing)
Scammers use phone calls to impersonate officials (like tech support or banks) and persuade victims to reveal sensitive information.
4. Smishing (SMS Phishing)
Similar to phishing, but via text messages. Messages often contain malicious links or ask users to call fake customer service numbers.
5. Pretexting
The attacker creates a fabricated scenario ("pretext") to obtain information. For example, pretending to be from IT support and asking for login credentials.
6. Baiting
Attackers leave malware-infected devices (like USB drives) in public places, hoping someone picks them up and plugs them into their system.
7. Tailgating / Piggybacking
An attacker physically follows someone into a restricted area by pretending to be an employee or simply asking someone to hold the door.
8. Quid Pro Quo
The attacker offers something (like tech help or a gift) in exchange for information or access.
CCTO