Threats & Attacks | Severity: High
Social Engineering
Psychological manipulation techniques used to trick people into revealing confidential information or performing actions that compromise security
Skill Paths:
Threat Intelligence, Security Awareness, Incident Response, Security Fundamentals
Job Paths:
Threat Intelligence Analyst, Security Awareness Trainer, Incident Responder, Security Analyst
Relevant Certifications:
CEH, CompTIA Security+, SANS GSEC, CISSP
Content
What is Social Engineering?
Social engineering is an attack on people rather than on systems. Instead of exploiting a software flaw, the attacker exploits human psychology and trust to persuade a target to break normal security procedures, reveal confidential information (credentials, internal details), or take an action that compromises security, such as approving a payment, resetting a password, or running an attachment. It is frequently only the opening move: the disclosed credential or installed payload is what enables the technical intrusion that follows.
Common Techniques
- Phishing – Deceptive emails (and, increasingly, SMS and instant messages) that steal credentials or deliver malware
- Pretexting – Inventing a plausible scenario and identity (a vendor, an auditor, a new colleague) to gain the target's trust before making the request
- Baiting – Tempting the victim with something attractive, such as a "lost" USB drive left in a car park or a free download, that carries malware
- Quid Pro Quo – Offering a service, typically fake help-desk support, in exchange for credentials or remote access
- Tailgating – Following authorized personnel through a controlled door without badging in
- Vishing – Voice-based phishing over the phone, often with spoofed caller ID to look like a bank, IT department, or executive
Psychological Principles
- Authority – Impersonating someone in power
- Urgency – Creating time pressure to bypass thinking
- Social Proof – Using peer pressure or consensus
- Reciprocity – Offering something to create obligation
- Scarcity – Making opportunities seem limited
Prevention Strategies
- Conduct regular security awareness training, including simulated phishing, and measure reporting rates rather than only click rates
- Implement multi-factor authentication, preferring phishing-resistant methods (FIDO2/WebAuthn security keys or passkeys); one-time codes and push approvals can be relayed by a real-time phishing proxy or worn down by repeated prompts (MFA fatigue)
- Verify requests through a second, independent channel before acting, for example by calling the requester back on a number from the directory rather than one supplied in the message, especially for payments, credential resets, and access changes
- Establish clear, blame-free reporting procedures so employees report suspected attempts quickly; an early report lets responders contain a campaign before others are caught
- Use technical controls that reduce reliance on human judgement: email authentication (SPF, DKIM, DMARC), external-sender banners, URL and attachment sandboxing, lookalike-domain detection, and least-privilege access so a single deceived user cannot do much damage
- Foster a security-conscious culture in which questioning an unusual request, even one that appears to come from the CEO, is expected rather than penalized
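The following is an added example, not code from the original page, showing what one of those technical controls can look like: a small heuristic screen that flags the social-engineering indicators listed above (lookalike sender domains, an executive's display name on an address that is not theirs, a diverted Reply-To, and urgency wording). It assumes a mail gateway has already parsed each message into a dict of headers plus body; the trusted domains, executive list, and sample messages are constructed for illustration.

```python
"""Screen inbound mail for common social-engineering indicators.

Added example, not code from the original page. Assumes each message is a dict
with 'from', optional 'reply-to', 'subject' and 'body' keys. TRUSTED_DOMAINS,
KNOWN_EXECUTIVES and SAMPLES are constructed for illustration only.
"""
import re
from email.utils import parseaddr

# Assumed organisation data: domains we own, and the people most often impersonated.
TRUSTED_DOMAINS = {"example.com", "corp.example.com"}
KNOWN_EXECUTIVES = {"dana whitfield": "dana.whitfield@example.com"}

# Wording that leans on the urgency / authority / scarcity principles.
URGENCY_PATTERNS = re.compile(
    r"\b(urgent|immediately|right away|asap|within the hour|final notice|"
    r"act now|account (?:will be )?suspended)\b",
    re.IGNORECASE,
)


def normalize_domain(domain: str) -> str:
    """Collapse common homoglyph and typosquat substitutions so lookalikes compare equal."""
    d = domain.lower()
    for src, dst in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        d = d.replace(src, dst)
    return d.replace("-", "")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one edit away from a trusted name is a typosquat candidate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True if `domain` is not ours but is a near-copy of one of our domains.

    Catches homoglyphs (examp1e.com), typosquats (corp-example.com) and a trusted
    name used as a leading label (example.com.secure-update.net). As a heuristic it
    can also flag unrelated but similar names; treat a hit as a reason to verify.
    """
    if domain in trusted:
        return False
    nd = normalize_domain(domain)
    for t in trusted:
        nt = normalize_domain(t)
        if nd == nt or nd.startswith(nt + ".") or edit_distance(nd, nt) <= 1:
            return True
    return False


def score_message(msg: dict, trusted=TRUSTED_DOMAINS, execs=KNOWN_EXECUTIVES) -> list:
    """Return (tag, detail) findings for one message; an empty list means nothing tripped."""
    findings = []
    name, addr = parseaddr(msg.get("from", ""))
    domain = addr.rpartition("@")[2].lower()

    if domain and is_lookalike(domain, trusted):
        findings.append(("lookalike_domain", domain))

    # Authority principle: an executive's display name on an address that is not theirs.
    expected = execs.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(("exec_impersonation", f"{name} <{addr}>"))

    # Replies silently diverted to a domain other than the visible sender's.
    reply_to = parseaddr(msg.get("reply-to", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        findings.append(("reply_to_mismatch", reply_to))

    # Urgency principle: time pressure in the subject or body.
    hit = URGENCY_PATTERNS.search(f"{msg.get('subject', '')}\n{msg.get('body', '')}")
    if hit:
        findings.append(("urgency_language", hit.group(0)))
    return findings


# Constructed sample messages: one pretexting / payment-fraud attempt, one benign notice.
SAMPLES = [
    {
        "from": "Dana Whitfield <dana.whitfield@examp1e.com>",
        "reply-to": "ceo.office@mail-example.net",
        "subject": "Urgent wire before 5pm",
        "body": "I'm in a board meeting and can't talk. Process the attached wire immediately.",
    },
    {
        "from": "IT Helpdesk <helpdesk@corp.example.com>",
        "subject": "Scheduled maintenance window",
        "body": "The VPN concentrator will be patched on Saturday. No action is needed.",
    },
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["from"], "->", score_message(msg) or "clean")
```

None of these checks is conclusive on its own; the value is in combining them and routing a message that trips several into quarantine or a warning banner, so the decision no longer rests on one hurried reader noticing a single substituted character.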
Quick Facts
Severity Level
9/10
Goal
Exploit human psychology and trust
Mediums
Email, phone, social media, physical
Victims
Often unaware that an attack has occurred until the fraud, breach, or account takeover surfaces
Training
Security awareness training reduces risk, but does not eliminate it; pair it with verification procedures and technical controls
Related Terms