If you have not read part 1 of this blog, please take a look at
https://hacklido.com/d/86-social-engineering-a-beginners-guide
Social engineering is the use of psychological manipulation or deception to influence individuals to divulge confidential information or perform actions that may not be in their best interest. It is a common tactic used by cybercriminals to gain access to systems, networks, or sensitive information.
As we have already discussed in the last blog about social engineering, let’s just directly take a look at some most common social engineering techniques.
There are several types of social engineering techniques that can be used, including:
Phishing: This is the most common type of social engineering attack, where the attacker sends an email or text message pretending to be a legitimate organization or individual and asks the victim to click on a link or provide login credentials or other sensitive information. For example, a phishing attack might claim to be from a bank and ask the victim to log in to their account to verify their information, but when the victim clicks on the link, they are taken to a fake website that captures their login credentials.
A phishing attack might involve an attacker sending an email to an employee of a company, pretending to be the CEO or another senior executive. The email might request that the employee transfer money to a specific account or provide login credentials to a sensitive system.
Baiting: This technique involves offering the victim something desirable in exchange for information or access to a system. For example, an attacker might offer a free trial of a new software program in exchange for the victim’s login credentials.
An example of baiting might involve an attacker offering a free gift or prize in exchange for the victim’s login credentials or other sensitive information. For example, the attacker might create a fake website offering a free vacation in exchange for the victim’s credit card information.
Scareware: This technique involves scaring the victim into believing that their computer is infected with a virus or malware, and offering to fix the problem in exchange for payment or sensitive information.
An example of scareware might involve an attacker sending an email or pop-up message to the victim, claiming that their computer is infected with a virus and offering to fix the problem in exchange for payment or sensitive information.
Pretexting: This technique involves the attacker pretending to be someone else in order to gain the victim’s trust and obtain sensitive information. For example, an attacker might pretend to be a customer service representative from a company and ask the victim to verify their login credentials in order to fix an issue with their account.
An example of pretexting might involve an attacker pretending to be a customer service representative from a bank and calling a victim to ask for their account number and login credentials, claiming that there is a problem with their account.
Impersonation: This technique involves the attacker pretending to be someone else in order to gain access to a physical location or system. For example, an attacker might impersonate a repair technician in order to gain access to a secure facility.
An example of impersonation might involve an attacker pretending to be a repair technician in order to gain access to a secure facility. The attacker might present fake identification and wear a uniform to appear legitimate.
Quid pro quo: This technique involves the attacker offering something in exchange for sensitive information or access to a system. It is similar to baiting, but the victim is usually aware that they are receiving something in exchange for their information or access.
Influence: This technique involves the attacker using persuasive language or manipulating the victim’s emotions in order to influence their decision-making. For example, an attacker might use flattery or fear in order to convince the victim to divulge sensitive information.
These are the most common social engineering techniques per my opinion, there exist many more social engineering techniques, you an learn about them from google.
Social Engineering has no limits, neither in the application nor in the study, so keep learning and keep improving your knowledge and here, we end the social engineering topic, if you have any doubts, feel free to ask in our discord server.
Join the discord server - https://hacklido.com/discord