Social engineering attacks

Social engineering attacks rely on someone's personality as they try to exploit them. There are various social engineering attacks; let's look at each of them and the principles of why they are effective:

  • Phishing and spear phishing: Phishing attacks are done by emailing someone who tells you that your account is going to expire so you need to complete the attached form. They ask you for all of your personal details that could be later used for identity fraud. The email looks as if it has come from a legitimate body, so the user is fooled into carrying out the required instructions:
Figure 2: Phishing attack

Get CompTIA Security+ Certification Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.