Social Engineering

Social Engineering exploits human psychology rather than technical vulnerabilities. Attackers manipulate individuals into revealing information, granting access, or taking unsafe actions.

Key Concepts

• Phishing: Fraudulent emails or websites to steal credentials.
• Pretexting: Impersonation of trusted figures to extract info.
• Baiting: Luring victims with false promises (e.g., infected USB drives).
• Insider Threats: Exploiting employees with privileged access.

Attack Chain Overview

Reconnaissance → Engagement → Manipulation → Exploitation

Example Scenario

A phishing campaign targets company employees:

1. Attackers send fake “password reset” emails.
2. An employee clicks the link and enters credentials.
3. Credentials are used to access corporate mailboxes.
4. Attack spreads internally through compromised accounts.

⬅ Back to Home