Social engineering is the art of convincing people to reveal confidential information. By taking advantage of, basic human nature like trust or a lack of knowledge, the attacker deceives people to reveal sensitive information.
The social engineering attacks can be grouped into three types:
Impersonation: Acting like someone else to get access to the information.
They may act as a legitimate user and request for information or they pose as a higher authority and may ask for sensitive information or they pose as a technical support person and try to gather sensitive and confidential details.
Other types are Human-based attacks are:
Tailgating: When an authorised person enters into a restricted area, the unauthorised person also enters the restricted AREA without the employee’s knowledge.
Piggybacking: Here the attacker may pose as an employee and ask the authorised employee to allow him to enter along with him. He may give fake reasons like he forgot his smart badge, etc.
Dumpster Diving: Any confidential or sensitive document should be properly shredded before disposed into the dustbin. If not, an attacker may just look into the dustbin to access the confidential information.
Eavesdropping: Unauthorised listening to conversations thereby collecting important data is called as eavesdropping.
Shoulder surfing: It is a direct observation technique like looking over someone’s shoulder to know the sensitive information like password, pin numbers, etc.
Due to loose security policies.
The individuals are unaware of the consequences of social engineering attacks.
It’s difficult to detect a social engineering attack.
It’s also an individual responsibility.
There are no hardware or software tools to prevent it.