Baiting is in many ways similar to phishing. However, what distinguishes it from other types of social engineering is the promise of an item or good that hackers use to entice victims. Baiters may offer users free music or movie downloads if they surrender their login credentials to a certain site.
For the purposes of this article, however, we will focus on the five most common attack types that social engineers use to target their victims: phishing, pretexting, baiting, quid pro quo and tailgating. 1. Phishing. Phishing scams might be the most common type of social engineering attack used today.
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Pretexting can also be used to impersonate people in jobs and roles that the social engineer has never performed. Pretexting is also not a one-size-fits-all solution. A social engineer will have to develop many different pretexts over their career. All of them will have one thing in common: research. Good information-gathering techniques can make or break a good pretext. Being able to mimic the perfect tech support rep is useless if your target does not use outside support.
Quid pro quo is one of the many types of social engineering tactics. The social engineer offers a service or help in exchange for access or information. Common quid pro quo attacks are executed by individuals impersonating IT service assistance or call help.
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
Like spear phishing, social engineering attacks are highly targeted at a small number of potential victims. What are some examples of social engineering attacks? A recent USA Today article outlines a social engineering attack technique used in 2016.
We define vishing as the “practice of eliciting information or attempting to influence action via the telephone.” Similar to phishing, the goal of vishing is to obtain valuable information that could contribute to the direct compromise of an organization by exploiting people’s willingness to help.
The social engineering technique used in watering hole attacks is strategic. Unlike a usual social engineering attack, threat actors employing the watering hole technique carefully select the most appropriate legitimate sites to compromise, instead of targeting random sites. Because the watering hole technique targets trusted and frequented sites, relying solely on visiting trusted sites to avoid online threats may not be an effective practice.