The following list describes common social engineering techniques that focus on the user as the weak link:
• Pretexting: An attacker masquerades as the help desk or creates a legitimate-sounding scenario to convince the user to reveal sensitive network information.
• Phishing: An attacker sends an e-mail posing as a legitimate organization and requests verification of account usernames and passwords.
• Vishing/phone phishing: An attacker uses Voice over IP (VoIP) to leave a message with a user that claims to be from a banking service with a callback number.
Attackers can also use software in one of the following forms to gain access to data on a network. Table 1-24 describes options to protect a network from attackers. ...