In our last article we discussed what social engineering is; today we discuss the types of social engineering.
Social engineering can be divided into two parts:-
1. Human-Based Social Engineering:-
Human-based social engineering relies entirely on person-to-person interaction to retrieve the desired information. People use human-based social engineering techniques in different ways; here I am sharing the most popular methods.
(a). Use Valid User Authentication:- In this type of attack, the attacker gains physical access by pretending to be a janitor, employee, etc. That is, the attacker uses someone else’s identity to gain access to the system and then gathers information.
(b). Posing as an Important User:- In this type of attack, the hacker pretends to be an important user such as an executive or high-level manager who needs immediate assistance to gain access to a computer system or files. The hacker uses intimidation so that a lower-level employee such as a help-desk worker will assist them in gaining access to the system. Most low-level employees won’t question someone who appears to be in a position of authority.
(c). Using a third person:- Using the third-person approach, a hacker pretends to have permission from an authorized source to use a system. This attack is especially effective if the supposed authorized source is on vacation or can’t be contacted for verification.
(d). Calling technical support:- Calling tech support for assistance is a classic social-engineering technique. Help-desk and technical support personnel are trained to help users, which makes them good prey for social-engineering attacks.
(e). Shoulder Surfing:- Shoulder surfing is one of the most popular techniques. In this technique, the attacker gathers passwords by watching over a person’s shoulder while they log in to the system. The attacker watches a valid user log in and then uses that password to gain access to the system.
2. Computer-Based Social Engineering:-
Computer-based social engineering refers to using computer software to attempt to retrieve the desired information. For example, an attacker sends a fake email to a user asking them to authenticate their password; this is known as phishing.