Social Engineering (OBJ 2.2 and 5.6)

Social Engineering

• Manipulative strategy exploiting human psychology for unauthorized access to systems, data, or physical spaces
• Includes written communication or face to face interactions
• Best defense against it is to Provide security awareness training to the users

Motivational Triggers

• Used by Social Engineers
  • Familiarity and Likability
  • Consensus and Social Proof
  • Authority and Intimidation
  • Scarcity and Urgency

Social Engineering Techniques

• Impersonation
  • Pretending to be someone else
  • Includes brand impersonation, typo-squatting, and watering hole attacks
• Pretexting
  • Creating a fabricated scenario to manipulate targets to perform actions that compromise security
  • Impersonating trusted figures to gain trust

Types of Phishing Attacks

• Phishing
• Vishing
• Smishing
• Spear Phishing
• Whaling
• Business Email Compromise

Frauds and Scams

• Deceptive practices to deceive people into parting with money or valuable information
• Identifying and training against frauds and scams

Influence Campaigns

• Spreading misinformation and disinformation, impacting politics, economics, etc.

Other Social Engineering Attacks

• Diversion Theft
• Hoaxes
• Shoulder Surfing
• Dumpster Diving
• Eavesdropping
• Baiting
• Piggybacking
• Tailgating