Social Engineering
Last modified: 2024-02-08
Techniques
Phishing
Attackers may impersonate a legitimate company or website and steal account information by sending the victim an email with a link to a malicious site.
Vishing (Voice Phishing)
Attackers may ask for passwords directly from victims over the phone.
Smishing (SMS Phishing)
Attackers may use SMS to contact victims, pretending to be from a legitimate company, and redirecting them to a malicious site or installing an app.
Shoulder Surfing
Attackers may peer into the computer or smartphone screen from behind the victim's back and steal passwords.
Baiting
Attackers may persuade a victim to plug a malicious USB device into the victim's computer in order to steal personal information or corrupt the system.
Pretexting
Attackers may contact victims through social media and trick them into asking for their passwords.
Scareware
Attackers may unduly intimidate the victim into asking for information such as passwords to access the victim's data.
Trashing
Attackers may rummage through trash cans near the victim's home or workplace.
OSINT
-
It checks if the email address or the phone number has been exposed.