Social Engineering is the psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not concern the divulging of confidential information.
A physical penetration test evaluates all physical security controls such as locks, security guards, cameras, and other security measures. The goal of a physical penetration test is to circumvent these safeguards in order to access networks, locate sensitive data, and physically enter locations that are off-limits.
What are the most common social engineering attacks:
Phishing is a method that occurs via email and attempts to trick the user into giving up sensitive information or opening a malicious file that can infect their machine.
Vishing is similar to phishing but occurs via phone calls. These phone calls attempt to trick the user into giving up sensitive information.
Smishing is similar to phishing but occurs via SMS text messages. These text messages have the same intent as phishing.
Impersonation is a method where the attacker attempts to fool a person into believing they are someone else.
Dumpster diving is a method where an attacker goes through not only trash but other items in plain sight, such as sticky notes and calendars, to gain useful information about a person or organization.
USB drops are a method that uses malicious USB devices dropped in common areas throughout a workspace.
Tailgating is a method that is used to bypass physical security measures.
pretends to be an attractive person to interact with a person and gather sensitive information.
Working Process
Our Methodology is based on the following industry standards :
● OWASP Testing Guide v4
● NIST 800-115
● The Pen Testing Execution Standard (PTES)
● PCI Pen Testing Guidance
gathering information in preparation of the attack
deceiving the victim(s) in order to gain control of the interaction
executing the attack by obtaining information over a period of time
bringing the interaction to a natural end without arousing suspicion
Frequently Asked Questions
Because it is often easier to exploit people than it is to find a network or software vulnerability.
How Secure is your Organisation?
We will analyse how secure your organisation/network is by discovering vulnerabilities.