Define social engineering and provide an example.

Social engineering is a term used to describe the manipulation of individuals to gain confidential information or access to systems, networks, or physical locations. Unlike traditional hacking methods that rely on technical vulnerabilities, social engineering exploits human psychology and relies on deception, manipulation, and trust-building to achieve its objectives.

Technical Details:

  1. Pretexting:
    • Definition: Creating a fabricated scenario or pretext to engage a target and obtain information.
    • Example: An attacker posing as an IT support technician calls an employee claiming to be conducting routine maintenance. The attacker gains the employee's trust and convinces them to share login credentials or other sensitive information.
  2. Phishing:
    • Definition: Sending fraudulent emails or messages that appear legitimate to trick individuals into revealing sensitive information.
    • Example: A phishing email appears to be from a trusted source (e.g., a bank or a popular website) and prompts the recipient to click on a link. The link directs them to a fake website where they unknowingly provide login credentials, which the attacker then captures.
  3. Quid Pro Quo:
    • Definition: Offering something in exchange for information or access.
    • Example: An attacker poses as a software vendor offering free software or technical support. In exchange, the victim is asked to provide login credentials or other sensitive information.
  4. Baiting:
    • Definition: Offering a tempting "bait" to lure individuals into a trap.
    • Example: A malicious actor leaves infected USB drives in a public area with labels like "Employee Payroll" or "Confidential Data." Curious individuals who pick up and use these USB drives unknowingly install malware on their systems.
  5. Impersonation:
    • Definition: Pretending to be someone else to gain trust and access.
    • Example: An attacker poses as a company executive or a trusted colleague in a communication, requesting sensitive information or instructing actions such as fund transfers.
  6. Tailgating:
    • Definition: Physically following someone into a restricted area without proper authorization.
    • Example: An attacker waits for an employee to enter a secure building and follows closely behind, taking advantage of the trusting nature of people in social situations.