Social engineering is the use of psychological manipulation to trick people into divulging confidential information or performing actions that may not be in their best interest. In the context of cybercrime, social engineering techniques are often used to trick people into clicking on malicious links or downloading malware. For example, an attacker might send an email that appears to be from a trusted source, such as a bank or a friend, and ask the recipient to click on a link or download an attachment. By exploiting people’s trust and emotions, attackers can bypass security measures and gain access to sensitive information.
Some common social engineering techniques include phishing, where attackers use email, social media, instant messaging clients, or SMS to obtain sensitive information from a victim or trick them into clicking a link to a malicious website¹. Scareware is another technique where attackers trick victims into downloading or purchasing software and updates that they don’t need by scaring them with fake warnings about viruses or other threats¹. Watering hole attacks involve compromising a website that is frequently visited by the intended target and using it to deliver malware¹. Spear phishing or whaling attacks are targeted attacks against specific individuals or organizations¹. Other techniques include cache poisoning or DNS spoofing, pretexting, baiting and “quid pro quo” attacks, and physical breaches and tailgating¹.
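A defender-side check for two tells of the phishing email described above (a sender that only appears to be a trusted source, and a link whose visible text differs from its real destination), given as an added example that is not part of the original page. The brand allow-list `TRUSTED`, the `.example` domains and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: brand keyword -> domains that brand legitimately sends from.
TRUSTED = {"examplebank": {"examplebank.example"}}

# Constructed sample message (not a real email).
SAMPLE = """\
From: "ExampleBank Support" <alerts@examplebank-secure.example>
To: user@corp.example
Subject: Action required
Content-Type: text/html

<p>Your account is locked. <a href="http://login.verify-acct.example/reset">https://www.examplebank.example/login</a></p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url.strip()).hostname or "").lower()

def in_domains(h, domains):
    """True if h is one of the domains or a subdomain of one."""
    return any(h == d or h.endswith("." + d) for d in domains)

def phishing_indicators(raw):
    """Return a list of human-readable findings for one raw email."""
    msg = message_from_string(raw)
    findings = []
    # Tell 1: display name claims a trusted brand, address domain is not that brand's.
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    squashed = re.sub(r"[^a-z0-9]", "", name.lower())
    for brand, domains in TRUSTED.items():
        if brand in squashed and not in_domains(sender_domain, domains):
            findings.append(f"display name claims {brand} but sender domain is {sender_domain}")
    # Tell 2: anchor text is itself a URL, but on a different host than the href.
    for href, text in LINK_RE.findall(msg.get_payload()):
        shown = host(text) if "://" in text else ""
        if shown and shown != host(href):
            findings.append(f"link text shows {shown} but points to {host(href)}")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

Both checks are heuristics: a lookalike domain that is registered under the brand's own name, or a link with plain-word anchor text, will pass them, so they complement rather than replace sender authentication and user reporting.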
Source: Conversation with Bing, 10/05/2023
(1) Top 5 Social Engineering Techniques and How to Prevent Them – Exabeam. https://www.exabeam.com/information-security/top-8-social-engineering-techniques-and-how-to-prevent-them-2022/.
(2) Social engineering: Definition, examples, and techniques. https://www.csoonline.com/article/3648654/social-engineering-definition-examples-and-techniques.html.
(3) Top 12 social engineering techniques and how to prevent them. https://www.grcelearning.com/blog/top-12-social-engineering-techniques-and-how-to-prevent-them.