The principle of social proof in social engineering exploits people’s tendency to follow the actions of others. Attackers may use this by creating the illusion that others are complying with their requests, making the target more likely to comply as well.

Social engineering is the manipulation of human psychology to gain unauthorized access or information. It exploits human tendencies and behaviors rather than technical vulnerabilities, making it a particularly dangerous and effective attack vector.

Implementing mantrap entrances is a common defense against tailgating. These entrances typically consist of two sets of interlocking doors, allowing only one person to enter at a time and requiring authentication between the doors.

The principle of scarcity in social engineering exploits people’s tendency to value things that are rare or in short supply. Attackers may use this by creating a false sense of urgency or limited availability to pressure targets into making hasty decisions.

Tailgating is a physical social engineering attack where an unauthorized person follows an authorized person into a restricted area. This technique exploits politeness and social norms to bypass physical security measures.

Invoice scams involve sending fake invoices or manipulating legitimate ones to trick organizations into making payments to fraudulent accounts. These scams often rely on social engineering techniques to bypass normal verification processes.

Dumpster diving involves searching through an organization’s trash to find sensitive information. This technique exploits improper disposal of documents and can reveal valuable data such as financial records, customer information, or internal communications.

Compromising a legitimate website frequented by the target group is a common technique used in watering hole attacks. The attacker infects a trusted site with malware, expecting members of the target group to visit the site and become infected.

The use of personalized information is a common characteristic of spear phishing attacks. Attackers gather specific details about their targets to craft highly convincing messages, increasing the likelihood of success compared to general phishing attempts.

A sense of urgency is a common indicator of phishing emails. Attackers often use this tactic to pressure victims into taking action without carefully considering the legitimacy of the request.

Vishing, or voice phishing, is a social engineering attack that uses voice communication, typically phone calls, to manipulate victims into revealing sensitive information or taking harmful actions.

Impersonating executives or trusted partners is a key characteristic of business email compromise (BEC) attacks. Attackers often pose as high-level executives or known business associates to trick employees into transferring funds or revealing sensitive information.

Typosquatting involves registering domain names that are slight misspellings of popular websites. This technique is used to capture traffic from users who accidentally mistype the URL of their intended destination.

Creating a fake login page that mimics a legitimate site is a common credential harvesting tactic. The attacker sets up a convincing replica of a trusted website to trick users into entering their login credentials, which are then captured by the attacker.

Implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an effective countermeasure against phishing attacks. DMARC builds on SPF and DKIM protocols to provide email authentication, policy enforcement, and reporting, significantly reducing the effectiveness of email spoofing and phishing attempts.

Whaling is a type of phishing attack that specifically targets high-level executives or other high-value individuals within an organization. These attacks are often more sophisticated and personalized than general phishing attempts.

Pharming is an attack where users are redirected to fraudulent websites, often through DNS cache poisoning or host file modification. Unlike phishing, which relies on users clicking malicious links, pharming can occur even when users type the correct URL into their browser.

Smishing, or SMS phishing, is a social engineering attack that uses text messages to manipulate victims into revealing sensitive information or taking harmful actions. It’s similar to email phishing but leverages the perceived trustworthiness and immediacy of text messages.

Shoulder surfing is a social engineering technique where an attacker observes someone’s actions, typically to gather sensitive information like passwords or PINs. This can be done by physically looking over someone’s shoulder or using other visual means to capture information.

Requests for urgent wire transfers are a common indicator of business email compromise (BEC) attacks. Attackers often impersonate executives or trusted partners to create a sense of urgency and pressure employees into making hasty financial transactions.

Spear phishing is a highly targeted form of phishing that focuses on specific individuals or organizations. Unlike general phishing campaigns, spear phishing attacks are customized with personal information to appear more convincing to the target.

Obtaining sensitive information is a common goal of social engineering attacks. Attackers often aim to trick victims into revealing passwords, financial data, or other confidential information that can be used for further attacks or financial gain.

Appealing to authority is a common technique used in social engineering attacks. Attackers often impersonate figures of authority or create scenarios that leverage the target’s tendency to comply with authority figures, making their requests seem more legitimate and urgent.

Baiting is a social engineering attack that involves leaving infected USB drives or other storage devices in public places. The attacker relies on human curiosity, expecting someone to plug in the device and unknowingly infect their system.

Pretexting involves creating a false scenario or pretext to obtain information or access from a target. The attacker typically impersonates someone in a position of authority or relevance to the victim to gain their trust.