Social Engineering
Social engineering is a tactic used by cybercriminals to manipulate people into divulging sensitive information, such as login credentials, financial data, or personal information. Social engineering attacks often exploit human emotions, such as fear, curiosity, or greed, to trick victims into taking actions that compromise their security.
Subfields of Social Engineering
- Phishing: a type of social engineering attack that uses fraudulent emails or websites to trick users into divulging sensitive information or installing malware on their systems. Phishing attacks often use spoofed email addresses or websites that appear to be legitimate, such as those of banks or social media sites.
- Pretexting: a type of social engineering attack that involves creating a fictional scenario to trick victims into divulging sensitive information or performing a specific action. Pretexting attacks often involve impersonating someone in authority, such as a company executive or IT staff member, to gain the victim's trust.
- Baiting: a type of social engineering attack that involves offering something of value, such as a free download or prize, to trick victims into divulging sensitive information or installing malware on their systems. Baiting attacks often use physical media, such as USB drives or CDs, to deliver the malware or gather information.
- Quid pro quo: a type of social engineering attack that involves offering a benefit or service in exchange for sensitive information or access to a system. Quid pro quo attacks often involve posing as a help desk technician or IT staff member and offering to resolve a technical issue in exchange for login credentials or other sensitive information.
- Scareware: a type of social engineering attack that uses scare tactics, such as false security alerts or warnings of imminent system failure, to trick users into purchasing fake security software or services. Scareware attacks often use pop-up windows or other visual cues to create a sense of urgency and pressure the victim to take immediate action.