• Social engineering
Phishing is a method that attackers use in which they will send emails to a user, pretending to be from reputable companies, in order to get a user to either divulge information or assist the attacker in getting access.
- Spear phishing
Spear Phishing is phishing attack but aimed with a specific person in mind that they wish to ‘catch’. This may be specifically targeted phishing emails or something eye catching but aimed at a single individual or group of individuals (e.g. administrators?)
Why go phishing when you can go right for the top? Whaling is phishing aimed at high level of business e.g. management, CEO’s, CTO’s, board members etc.
Vishing is essentially phishing but via telephone, social engineers will attempt to get targets to divulge information or assist them with access via telephone.
Tailgating is the physical act of following someone through doors or barriers that usually require authentication, closely enough that you dont need to authenticate. This may be a door or checkpoint that requires you to present a pass or keyfob.
Impersonation is when a threat actor pretends to be someone they are not, usually someone who might need access to a certain space or building, this could be an internet repair guy, or engineer of some kind. It could also be someone from ‘head office’ or from the same organisation.
- Dumpster diving
Dumpster diving is the process of going through ‘dumpsters’ or waste to find information in the form of paperwork or electronics which have not been properly disposed of.
- Shoulder surfing
Should surfing is the process of looking over someones shoulder to see what they may have on the screen of their device, and hopefully gleam information from this.
A hoax is usually some formula of either phishing, vishing or even adware which claims that you are already meet some criteria (possibly that you already have malware) and to take a certain action. Sometimes used to gain access to a building or network.
- Watering hole attack
A Watering hole attack is where a threat actor may put malware on a website that its target frequents in order to get to the targets system.