• Social engineering
- Phishing
Phishing is a method in which attackers send emails to a user, pretending to be from reputable companies, in order to get the user to either divulge information or assist the attacker in gaining access.
- Spear phishing
Spear phishing is a phishing attack aimed at a specific person that the attacker wishes to ‘catch’. This may be specifically targeted phishing emails or something eye-catching, but aimed at a single individual or group of individuals (e.g. administrators).
- Whaling
Why go phishing when you can go right for the top? Whaling is phishing aimed at the high levels of a business, e.g. management, CEOs, CTOs, board members etc.
- Vishing
Vishing is essentially phishing but via telephone: social engineers will attempt to get targets to divulge information or assist them with access over the phone.
- Tailgating
Tailgating is the physical act of following someone through doors or barriers that usually require authentication, closely enough that you don't need to authenticate. This may be a door or checkpoint that requires you to present a pass or keyfob.
- Impersonation
Impersonation is when a threat actor pretends to be someone they are not, usually someone who might need access to a certain space or building. This could be an internet repair guy or an engineer of some kind. It could also be someone from ‘head office’ or from the same organisation.
- Dumpster diving
Dumpster diving is the process of going through ‘dumpsters’ or waste to find information in the form of paperwork or electronics which have not been properly disposed of.
- Shoulder surfing
Shoulder surfing is the process of looking over someone's shoulder to see what they may have on the screen of their device, and hopefully glean information from this.
- Hoax
A hoax is usually some form of either phishing, vishing or even adware which claims that you already meet some criteria (possibly that you already have malware) and tells you to take a certain action. Sometimes used to gain access to a building or network.
- Watering hole attack
A watering hole attack is where a threat actor may put malware on a website that its target frequents in order to get to the target's system.