types of social engineering attacks

Social Engineering:

 It involves psychological manipulation on users making them share confidential information by making trust relation.

Following are some types of social engineering attacks.

Phishing:

  Tools used for attack: Emails

 Attacking sends mails seeming like legitimate user. Intention could be steal user data like credit cards, username password.  Mail could have malicious link or a downloadable.

Spear Phishing

Tools used for attack: Emails

Attacking sends mails seeming like legitimate user targeting a specific group or a person.

Intention could be to steel confidential information.

Whaling

Attacker targeting people are executive level or any influential position.

Vishing:

  Tools used for attack: Phone

Attacker using telephone to persuade user in providing sensitive information

Tailgating or piggybacking:

Tools used for attack:  None

Person gaining to un authorized area by impersonating or by persuading a person to gain accessing using interpersonal skills.

Dumpster Diving:

Tools used for attack:  None

Attacker searchers through trash or garbage or in and around user to get user information.

Shoulder Surfing:

  Tools used for attack:  no tool, physical requires building trust.

Attacker hovers or spies over a user, while user enters PIN at atm or passwords.

Watering Hole Attack

  Tools used for attack:  websites

Attacker infects websites which user access and send intern infect the user when he accessing the infected website.