Top Ethical Hacking Institute

Social Engineering

What is Social Engineering ?

  • Social Engineering is The Art of manipulating people’s mind so they give up confidential information.
  • Bypass human’s conscious mind.
  • In our subconscious mind temporary memory and hard-wired memory.
  • Temporary Memory is a short-term memory like a remembered OTP.
  • Hard-wired memory is a Long-term memory like an ABCD or Childhood memory.

Social Engineering Techniques

Phishing Techniques

Phishing Attack

  • Phishing is a trick where an attacker sends fake emails, pretending to be from a trusted source.
  • For example, a scammer might send an email that looks like it’s from a customer service agent at your bank. They might say they have important information about your account but need you to reply with your full name, birth date, social security number, and account number to verify your identity. In reality, the sender is not from the bank.
  • it is someone trying to steal your personal information.

Spear phishing 

  • Spear phishing is a type of email scam that targets specific individuals. The attacker researches the victim by looking at their social media profiles and other online information to create a personalized and convincing email.
  • Imagine that an individual regularly posts on social media and she is a member of a particular gym. In that case, the attacker could create a spear phishing email that appears to come from her local gym. The victim is more likely to fall for the scam since she recognized her gym as the supposed sender.

Vishing and Smishing

  • While phishing usually describes fake email scams, similar tricks are used with phone calls and text messages.
  • While phishing is used to describe fraudulent email practices, similar manipulative techniques are practiced using other communication methods such as phone calls and text messages. 
  • Smishing (short for SMS phishing) is similar to and incorporates the same social engineering techniques as email phishing and vishing, but it is done through SMS/text messaging. 

Quid Pro Quo

  • “Quid pro quo” might sound like a fancy term, but in the world of cybersecurity, it’s a simple yet effective trick used by attackers.
  • Picture this: someone posing as IT support calls a company, offering help with a technical issue. They promise to fix the problem if the employee shares their login credentials.
  • It’s like a trade-off, but in reality, it’s a tactic to steal sensitive information. Stay alert and never hand over your login details to unsolicited callers, no matter how helpful they seem!