Social Engineering Attacks
Phishing: Involves the use of fraudulent emails or messages that appear to come from a trusted source, such as a bank or an employer. The attacker typically includes a link or attachment in the message, which, when clicked or downloaded, installs malware on the victim’s device or directs them to a fake website where they are prompted to enter sensitive information.
Pretexting: Involves the creation of a false scenario or pretext to build trust with the target. For example, an attacker may pose as a customer service representative or IT support staff to gain access to sensitive information or systems.
Baiting: Involves the use of enticing offers or incentives to trick the target into taking a specific action. For example, an attacker may leave a USB drive labeled “confidential” in a public area, hoping that someone will pick it up and plug it into their computer.
Quid pro quo: Involves the exchange of something of value in return for sensitive information or access to critical systems. For example, an attacker may offer free software or access to exclusive content in exchange for login credentials or other sensitive information.
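The phishing entry above describes a message that appears to come from a trusted source and a link that leads to a fake website. As an added example (not part of the original page), the sketch below checks one email for three matching indicators from the defender's side; the sample message, the `TRUSTED` allowlist and all domain names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every domain uses the reserved .example TLD.
SAMPLE = """\
From: "Example Bank Support" <alerts@examp1e-bank.example>
Reply-To: collect@mailbox.example
To: user@corp.example
Subject: Action required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Please verify your account:
<a href="http://login.examp1e-bank.example/verify">https://www.example-bank.example/login</a></p>
"""

TRUSTED = {"example-bank.example"}  # assumed allowlist of domains the brand really uses
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable(host):
    """Crude last-two-labels domain; production code would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw):
    """Return the list of indicator names found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = registrable(addr.rpartition("@")[2])
    # A trusted brand in the display name, sent from a domain that is not the brand's.
    brand_hit = any(d.split(".")[0].replace("-", " ") in display.lower() for d in TRUSTED)
    if brand_hit and from_dom not in TRUSTED:
        findings.append("display-name-spoof")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and registrable(reply.rpartition("@")[2]) != from_dom:
        findings.append("reply-to-mismatch")
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    for href, text in ANCHOR.findall(body):
        shown, target = urlparse(text.strip()), urlparse(href)
        # Link text shows one site while the href points at another.
        if shown.hostname and registrable(shown.hostname) != registrable(target.hostname or ""):
            findings.append("link-text-mismatch")
    return findings
```

Each indicator is a heuristic for triage or user warning banners, not a verdict; legitimate bulk mail can trip the reply-to check.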