Section 02: Social Engineering Concepts

Human Based Social Engineering

Impersonation / Impersonator

An impersonator is someone who imitates or copies the behavior or actions of another.

Eavesdropping

Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information.

Shoulder surfing

In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. Unauthorized users watch the keystrokes inputted on a device or listen to sensitive information being spoken, which is also known as eavesdropping.

Dumpster diving

Dumpster diving (also totting, skipping, skip diving or skip salvage) is salvaging from large commercial, residential, industrial and construction containers for unused items discarded by their owners but deemed useful to the picker.

Piggybacking

In security, piggybacking, similar to tailgating, refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint.

Elicitation

An elicitation technique is any of a number of data collection techniques used in anthropology, cognitive science, counseling, education, knowledge engineering, linguistics, management, philosophy, psychology, or other fields to gather knowledge or information from people.

Pretexting

Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information, specifically information that the victim would typically not give outside the context of the pretext.

Wardriving

Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone. Software for wardriving is freely available on the internet.

Links

• https://en.wikipedia.org/wiki/Impersonator

• https://en.wikipedia.org/wiki/Eavesdropping

• https://en.wikipedia.org/wiki/Shoulder_surfing_(computer_security)

• https://en.wikipedia.org/wiki/Dumpster_diving

• https://en.wikipedia.org/wiki/Piggybacking_(security)

• https://en.wikipedia.org/wiki/Pretexting

• https://en.wikipedia.org/wiki/Wardriving

Computer Based Social Engineering

Phishing

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware.

Spam

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming).

Links

• https://en.wikipedia.org/wiki/Phishing

• https://en.wikipedia.org/wiki/Email_spam