Typical types of Social Engineering attacks
Social engineering by phone – This is the most common type of social engineering attack. A hacker will call up and imitate someone in a position of authority, or relevance, and gradually pull information out of the user.
Dumpster Diving – Also known as trashing, where the hacker exploits the security leaks in our trash, such as system manuals, printouts of sensitive data or login names and passwords, printouts of source code, disks and tapes, company letterhead and memo forms, and outdated hardware (data within a faulty hard drive).
On-Line Social Engineering – Hackers try to obtain information from users by pretending to be the Systems Administrator and sending email through the network requesting a user's password. Here at the University, we WILL NOT ask for user passwords. Also, sometimes hackers will send email attachments which contain viruses, worms and Trojan horses, so you should ensure email attachments are scanned.
Persuasion – Hackers create a perfect psychological environment for the attack. This can be achieved using basic persuasion methods such as impersonation, ingratiation, conformity, diffusion of responsibility, and plain old friendliness. The hacker’s objective here is to convince a person to give up sensitive information.
Reverse Social Engineering – An example to illustrate this is when a hacker creates a new virus attack on different networks, and then advertises themselves as the appropriate contact to fix the issue. When people contact them to resolve the issue, the hacker asks for sensitive information purported to be required to resolve it. People are ready to share confidential information if they think it will help resolve their problem.