Pretexting
This technique consists in inventing a scenario which has the chance that the victim will divulge the information. This often needs a setup, consisting in creating the pretext and gathering information so that it is believable and it establishes legitimacy in the mind of the target. That's why, those who use this technique must imagine questions that could be asked to them, and elaborate the lie enough so it succeeds.
PhishingPhising is the technique in which somebody impersonates an authority in order to obtain the confidential information. Typically, the phisher sends an e-mail to a victim asking for information. Due to the fact that the e-mails sent look legitimate and from an authority, the target will provide it. It can also be done through a phone call, in which case, it is called IVR phishing. In this situations, a system calls and recreates a legitimate-sounding phone call of an institution and insitates the victim to call back. When this is done, they are asked for the information. In both cases, people are warned that if they don't follow the instructions, something will happen.
BaitingBaiting is a technique which consists in taking advantage from human's greed, curiosity or benevolence. The attacker leaves a labelled device in a public place. Somebody will find it and, in order to satisfy their curiosity, they will connect it to a computer, thus releasing the malware, unless the computer blocks the infection. In other cases, the person will give it to an authority, who will possibly also connect it to a computer or device.
For further information, you can click one of the following links: Social Engineering (2), Hackers, Hacker Types.
Sources
No comments:
Post a Comment