Chapter 1: Social Engineering Techniques
Social engineering is one of the most common attacks, and the most devastating. You’ll need to know not just what it is, but the correct terms for types of attacks.
Social Engineering – tricking a person into allowing access to a system; this includes dumpster diving and phishing
Social Engineering Attacks
Phishing
You and your clients can submit, verify and track phishing attempts on the PhishTank web site:
http://phishtank.org/index.php
http://phishtank.org/index.php
Spear phishing
Whaling
Smishing
Vishing
Spam
SPIM
Dumpster diving
Shoulder surfing
Pharming
Tailgating
Prepending
Identity fraud
Invoice scams
Credential harvesting
Reconnaissance
Hoax
Impersonation
Third-party authorization
Contractors/outside parties
Online attacks
Watering hole attacks
Typosquatting
Pretexting
Influence campaigns
Principles: Why Social Engineering Works
Authority
Intimidation
Consensus
Scarcity
Familiarity
Urgency
Defenses
Processes (protocols)
Training