Objective: Understand the various ways that social engineering can be performed.

Video: Lab $10$ Ethical Hacking

These are nine of the most common examples of social engineering are, provide a short

definition for each:

$1.$ Phishing:$\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_$

$2.$ Spear Phishing:$\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_$

$3.$ Baiting:$\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_$

$4.$ Malware:$\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_$

$5.$ Pretexting:$\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_$

$6.$ Quid Pro Quo:$\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_$

$7.$ Tailgating:$\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_$

$8.$ Vishing:$\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_$

$9.$ Water$-$Holing:$\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_$

How Does Social Engineering Happen?

Social engineering happens because of the human instinct of trust. Cybercriminals have learned

that a carefully worded email, voicemail, or text message can convince people to transfer money,

provide confidential information, or download a file that installs malware on the company

network.

Consider this example of spear phishing that convinced an employee to transfer $$500,000$ to a

foreign investor:

$1.$ Thanks to careful spear phishing research, the cybercriminal knows the company CEO is

traveling.

$2.$ An email is sent to a company employee that looks like it came from the CEO. There is a slight

discrepancy in the email address $$ but the spelling of the CEO$$s name is correct.

$3.$ In the email, the employee is asked to help the CEO out by transferring $$500,000$ to a new

foreign investor. The email uses urgent yet friendly language, convincing the employee that he

will be helping both the CEO and the company.

$4.$ The email stresses that the CEO would do this transfer herself but since she is travelling, she

can$$t make the fund transfer in time to secure the foreign investment partnership.

$5.$ Without verifying the details, the employee decides to act. He truly believes that he is helping

the CEO, the company, and his colleagues by complying with the email request.

$6.$ A few days later, the victimized employee, CEO, and company colleagues realize they have been

a victim of a social engineering attack and have lost $$500,000.$