Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. I learned that there are 7 types of social engineering attacks, and social engineering can take many forms depending on the medium used to implement the attack.
The 7 types of social engineering attacks are phishing, spear phishing, vishing, pretexting, baiting, tailgating, and quid pro quo. Among them, phishing is the most common type of social engineering attack. The attacker create a copy of an website and send the link through social media, the target not knowing of the attack may end up putting their personal information on the website, such as email, password, bank account, etc.
Tools used for social engineering:
- Social Engineering Toolkit(SET)
- Gophish
- SocialFish