Social engineering focuses on psychologically manipulating the human mind, and it takes several forms: traditional human-based, computer-based, and even mobile-based attacks. In this section, you will discover the fundamentals and characteristics of each type of social engineering attack.
Human-based social engineering
In human-based social engineering, the threat actor or penetration tester usually pretends to be someone with authority, such as an important person within the organization. For example, the threat actor may impersonate a director or senior member of staff and request a password change on the victim's user account.
An easy form of impersonation that usually gets a user to trust you quickly is posing as technical support. Imagine calling an employee while pretending to be an IT person from the organization's helpdesk team and requesting that the user...
Social Engineering Attacks
While many cybersecurity professionals focus on implementing security appliances and solutions to prevent cyberattacks and threats, they sometimes pay too little attention to protecting the minds of employees. The human mind has no cybersecurity solution to protect it from psychological manipulation, which makes it the most vulnerable part of any organization. Threat actors and penetration testers often trick employees into performing an action or revealing confidential information that helps them carry out a cyberattack and compromise the organization.
In this chapter, you will learn the fundamentals and key concepts that ethical hackers and penetration testers use during their offensive security exercises to trick and manipulate their targets into revealing sensitive information and even performing a task. You will also discover the characteristics of various types of social engineering attacks and how to develop an awareness of defending...