Social Engineering
Social engineering is an access attack that attempts to manipulate individuals into performing actions or divulging confidential information. Social engineers often rely on people’s willingness to be helpful but also prey on people’s weaknesses. For example, an attacker could call an authorized employee with an urgent problem that requires immediate network access. The attacker could appeal to the employee’s vanity, invoke authority using name-dropping techniques, or appeal to the employee’s greed.
These are some types of social engineering attacks:
- Pretexting - This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
- Tailgating - This is when an attacker quickly follows an authorized person into a secure location.
- Something for Something (Quid pro quo) - This is when an attacker requests personal information from a party in exchange for something, like a free gift.