Social Engineering attacks target the people that interact with a system rather than the system itself. In nearly all cases people are the most vulnerable part of any system. All the security measures in the world don’t mean anything if someone with authorization lets the attacker in.
Social Engineering attacks involve psychological manipulation to make the target reveal information or perform a compromising action.
Phishing
Phishing typically involves fraudulent emails or a fake website pretending to be a legitimate business. The hope is that someone will enter their username and password, or other compromising information, believing the site to be real. The credentials are then sent to the attacker.
- Spear Phishing is a targeted form, aimed at employees at a particular company, or even particular individuals, whereas normal phishing targets people indiscriminately en masse.
- Whaling is phishing targeted at high-profile people, e.g. a CEO or politician.
- Vishing (voice phishing) is phishing performed over the phone; an attacker pretends to be from a target’s bank.
- Smishing (SMS phishing) is phishing using SMS text messages.
Note
With the proliferation of AI voice and image generation in recent years, phishing is very likely to become a bigger problem than ever in the very near future.
Watering Hole
Watering hole attacks compromise sites that the target victim frequently visits. If a malicious link is placed on a website the target trusts, they might not hesitate to click it.
Tailgating
A Tailgating attack is when an attacker enters a restricted area by simply walking in behind an authorized person as they enter. While this is usually explicitly against policy for any secure location, it is generally considered polite to hold the door open for people, even if you don’t know them. Moreover, it feels extremely rude to allow a door to slam in someone’s face (or even more extreme, to pull it closed) when they’re clearly trying to pass through. Because of the social faux pas, people will often hold the door open, allowing an attacker to walk into the restricted space easily.