A-Z of Social Engineering (Understanding concepts, techniques, and some principles of persuasion).
Introduction
Social engineering is a psychologically driven tactic used to deceive individuals into divulging private information or acting in a way that jeopardises security.
A — Authority
Using the appearance of power or rank to get targets to comply. According to Robert Cialdini, this is also one of the principles of persuasion.
B — Baiting
Luring victims into a trap with deceptive promises.
C — Commitment and Consistency
When individuals commit to something, they tend to stay consistent with that commitment. Attackers take advantage of this by securing a small initial agreement, which then paves the way for larger requests. This is also a principle of persuasion.
D — Deepfake
Using AI-generated audio or video to convincingly imitate or impersonate people.
E — Elicitation
Obtaining information by using subtle conversational methods.
F — Fearmongering
Using frightening scenarios to pressure targets into complying.
G — Grooming
Establishing a rapport with the target in order to take advantage of their trust for nefarious ends.
H — Honeytrap
Manipulating the target by creating swoon-worthy or romantic scenarios.
I — Impersonation
Assuming someone else's identity to trick the target, typically by posing as a trusted person in order to gain access or information.
J — Job Scams
Posing as a recruiter or prospective employer in order to obtain personally identifiable information (PII).
K — Keylogger
Keystroke-recording software or hardware used to capture private data as the victim types on the keyboard.
L — Liking
In a nutshell, "Liking" is one of the principles of persuasion: you are more likely to say yes to someone or something you like.
M — Masquerading
Pretending to be a trustworthy user or organisation in order to trick people.
N — Name Dropping
Mentioning names of trusted individuals to gain credibility.
O — Oversharing
The habit of disclosing excessive amounts of personal information, frequently in casual chats or on social media, which social engineers can exploit.
P — Pretexting
Fabricating a convincing situation or excuse to interact with the subject and obtain data.
Q — Quid Pro Quo
Granting access or information in exchange for something.
R — Reconnaissance
Gathering data about a target in order to organise an attack.
S — Spear Phishing
Targeted phishing, which is directed at particular people or institutions.
T — Tailgating
Following an authorised person through a controlled entry point into a restricted area without holding the necessary authorisation oneself.
U — Urgency
Generating a sense of urgency to motivate hasty, often unthinking action.
V — Vishing
Vishing (Voice phishing) is the practice of tricking targets over the phone.
W — Whaling
Phishing attempts specifically designed to target high-profile individuals, usually a prominent person, an executive, or a public servant.
X — Xenophobic Manipulation
Exploiting bias or aversion toward what is unfamiliar or foreign. Social engineers may use xenophobia as a tool to make people suspicious of reasonable security precautions.
Y — Yearning
Exploiting a victim's desire for something, such as attention, money, or a solution to a problem.
Z — Zero Trust
This security principle states that no user or device is inherently trusted. It is not a social engineering method in itself, but it is relevant because social engineering frequently depends on exploiting trust.
Conclusion
Awareness of social engineering tactics and sustained vigilance are essential, since these strategies exploit psychological tricks to coerce people into disclosing private information or taking actions that jeopardise security. Individuals and organisations can strengthen their defences against such attacks by being familiar with the common social engineering approaches and strategies listed above.