Social Engineering: Attack Methods
Attackers use several methods in social engineering attacks:
- Pretexting: Pretexting originates from the word “pretext”. “Pretext” means “for some reason”, and most of the time it is a reason that is not genuine. The attacker uses intelligently thought-out, well-crafted lies with the intention of collecting information about an individual or organization in order to initiate attacks.
- Phishing: “Phishing” means “fishing”, that is, “fishing” for useful personal information about the user, which the attacker will use for identity theft. These attacks primarily aim to obtain login credentials (user IDs and passwords) or other personal information, e.g., social security number, bank account number, and credit/debit card details.
- Spear Phishing: A more targeted and well-crafted phishing attack.
- Vishing: Short for “Voice Phishing”; it uses phone calls instead of phishing emails.
- Baiting: An attack where CDs, DVDs, or USB drives are infected with malware that steals a user's information.
- Tailgating: Getting access to a building by following an employee. Discussed on Slides 8 - 9 of Access Control.
- E-mail Attachments: Opening an attachment in an email sent by an attacker might lead to the installation of malware.