Social Engineering:
It involves psychological manipulation
on users making them share confidential information by making trust relation.
Following are some types of social engineering attacks.
Phishing:
Tools used for
attack: Emails
Attacking sends mails
seeming like legitimate user. Intention could be steal user data like credit
cards, username password. Mail could
have malicious link or a downloadable.
Spear Phishing
Tools used for attack: Emails
Attacking sends mails seeming like legitimate user targeting
a specific group or a person.
Intention could be to steel confidential information.
Whaling
Attacker targeting people are executive level or any
influential position.
Vishing:
Tools used for
attack: Phone
Attacker using telephone to persuade user in providing
sensitive information
Tailgating or piggybacking:
Tools used for attack:
None
Person gaining to un authorized area by impersonating or by
persuading a person to gain accessing using interpersonal skills.
Dumpster Diving:
Tools used for attack:
None
Attacker searchers through trash or garbage or in and around
user to get user information.
Shoulder Surfing:
Tools used for
attack: no tool, physical requires
building trust.
Attacker hovers or spies over a user, while user enters PIN
at atm or passwords.
Watering Hole Attack
Tools used for
attack: websites
Attacker infects websites which user access and send intern
infect the user when he accessing the infected website.