Systems and Security : Attacks, Threats, and Vulnerabilities

1.1 Security Threats â€“ Social Engineering Techniques

Social engineering is a type of attack that relies on exploiting human psychology in order to gain unauthorized access to systems, networks, or sensitive information. There are several principles that attackers may use in social engineering attacks, including:

1. Authority: People tend to trust individuals who appear to be in positions of authority, such as police officers, executives, or IT personnel. Attackers may use this principle by pretending to be a trusted authority figure in order to trick the target into revealing sensitive information or performing actions that compromise security.

2. Intimidation: Attackers may use fear or intimidation to manipulate the target into taking a certain action. For example, they may threaten to harm the target or their loved ones if they don't comply with their demands.

3. Consensus: People tend to conform to the behavior of those around them. Attackers may exploit this principle by creating a false sense of consensus, such as by posing as multiple people who all support a particular action.

4. Scarcity: People are more likely to take action when they believe that something is in short supply or will become unavailable soon. Attackers may use this principle by claiming that a certain product, service, or information is only available for a limited time, in order to trick the target into taking immediate action.

5. Familiarity: People tend to trust individuals and organizations that they are familiar with. Attackers may exploit this principle by posing as a familiar individual, such as a friend or coworker, or by using a familiar logo or brand to create a sense of trust.

6. Trust: People are more likely to trust others who appear to be honest, trustworthy, and transparent. Attackers may use this principle by creating a false sense of trust, such as by using a fake name or profile, or by posing as a charity or other trustworthy organization.

7. Urgency: People are more likely to take action when they feel that they need to act quickly. Attackers may use this principle by creating a false sense of urgency, such as by claiming that a system or account will be disabled unless the target takes immediate action.

These principles are often used in combination, and attackers may tailor their tactics to the specific target in order to increase the chances of success. By understanding these principles and the methods used by attackers, organizations and individuals can better protect themselves against social engineering attacks.

There are several types of social engineering threats as detailed below:

1. Phishing
2. Smishing
3. Vishing
4. Spam
5. Spam over instant messaging (SPIM)
6. Spear phishing
7. Dumpster diving
8. houlder surfing
9. Pharming
10. Tailgating
11. Eliciting information, and
12. Whaling.

1. Phishing: Phishing is a type of social engineering attack in which an attacker sends an email or message that appears to be from a trusted source, such as a financial institution or a company, in an attempt to trick the recipient into providing sensitive information, such as passwords or financial information.

2. Smishing: Smishing is a type of phishing that occurs through text messages, rather than email. The attacker sends a text message that appears to be from a trusted source, with the goal of tricking the recipient into providing sensitive information.

3. Vishing: Vishing is a type of phishing that occurs through phone calls, rather than email or text messages. The attacker calls the target and pretends to be from a trusted source, with the goal of tricking the target into providing sensitive information.

4. Spam: Spam refers to unwanted or unsolicited emails, typically sent in bulk. Spam emails may contain malicious attachments or links that can infect a system or steal sensitive information.