# Social Engineering & Phishing Attacks

## What is Social Engineering?

Social Engineering manipulates people into revealing confidential information through deception, urgency, and impersonation rather than by hacking systems.
## 1. Types of Social Engineering Attacks

### Phishing (Email Scam)

Attackers send fake emails pretending to be from legitimate sources to steal login credentials or credit card details, or to install malware.

**Example:** Fake PayPal email asking you to reset your password via a malicious link.

**Prevention:** Verify senders, avoid suspicious links, and use email security tools.

### Vishing (Voice Phishing, Phone Call Scam)

Scammers impersonate banks, government agencies, or IT support over the phone to trick you into sharing sensitive details.

**Example:** "Your bank account is compromised! Share your OTP to secure it."

**Prevention:** Never share sensitive information over calls. Call back using official numbers.

### Smishing (SMS Phishing, Text Scam)

Fake text messages with malicious links pretending to be from banks, delivery services, or government agencies.

**Example:** "Your Amazon order is on hold! Click here to confirm." (leads to a fake login page)

**Prevention:** Don't click links in suspicious messages. Verify with the official source.
## 2. Other Phishing Variants

### Spear Phishing (Targeted Attack)

A customized phishing attack that targets specific individuals using personal details.

**Example:** Fake HR email asking you to update payroll information.

### Whaling (CEO Fraud)

Scammers impersonate executives to trick employees into making wire transfers or sharing sensitive business data.

**Example:** Fake CEO email asking finance to send an urgent payment.

### Clone Phishing

Attackers replicate legitimate emails but replace the links with malicious ones.

**Example:** A duplicate security alert from Microsoft with a fake link.

### Angler Phishing (Social Media Scam)

Fake social media profiles or messages with malicious links.

**Example:** A fake Amazon support message on Twitter asking for login details.

### Search Engine Phishing (SEO Poisoning)

Fake websites appear in top search results, tricking users into entering credentials.

**Example:** A fake "Zoom Download" site that installs malware instead.
### DNS Poisoning (Pharming Attack)

Attackers modify DNS records to redirect users from legitimate websites to malicious sites that steal data.

**Example:** You enter bank.com, but due to DNS poisoning you are sent to a fake bank login page.

**Prevention:**

- Use DNSSEC (DNS Security Extensions).
- Clear the DNS cache regularly.
- Avoid public or unsecured DNS servers.
## How to Stay Safe?

- **Verify before clicking:** check links before opening them.
- **Enable Multi-Factor Authentication (MFA):** even if passwords leak, attackers can't access accounts.
- **Use email and call security filters:** block suspicious emails and calls.
- **Never share sensitive details** via email, SMS, or phone.
- **Use a VPN on public Wi-Fi** to avoid MitM attacks.
- **Report phishing attempts** to IT security teams or anti-phishing organizations.
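The "verify senders" and "verify before clicking" advice above, and the clone-phishing tell (legitimate-looking text, swapped link), can be turned into a small triage script. The following is an added example, not code from the original page: it reads one raw e-mail, checks the SPF/DKIM/DMARC verdicts the receiving mail server recorded in `Authentication-Results`, compares the display-name brand with the real sender domain, flags links whose visible text names one site while the `href` points to another, and notes urgency wording. The brand watchlist, the two-label approximation of the registrable domain, and the sample message (with placeholder `.example` domains) are all assumptions constructed for the example.

```python
"""Added example: triage one e-mail for the phishing red flags this page lists.

Defensive / help-desk use: it produces findings for a human to review, nothing more.
Constructed sample message and watchlists are assumptions, not data from the page.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands this organisation expects mail from (all named on the page).
BRANDS = ("paypal", "amazon", "microsoft", "zoom")
# Assumption: pressure phrases typical of lures such as the examples on the page.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours", "verify your account")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: no public-suffix list, so hosts like example.co.uk are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_in_text(text):
    """Return the domain a link's visible text appears to name, or None for plain wording."""
    m = re.search(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", text.lower())
    return registrable_domain(m.group(1)) if m else None


def triage(raw_message):
    """Return a list of human-readable findings for one RFC 5322 message (empty = no red flags)."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Sender authentication as recorded by the receiving mail server.
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", ""), re.I)
    auth = {k.lower(): v.lower() for k, v in pairs}
    for check in ("spf", "dkim", "dmarc"):
        verdict = auth.get(check, "missing")
        if verdict != "pass":
            findings.append(f"{check.upper()} did not pass ({verdict})")

    # 2. Display name claims a brand that the sending domain does not contain.
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    for brand in BRANDS:
        if brand in display_name.lower() and brand not in sender_domain:
            findings.append(f"display name '{display_name}' but sender domain is {sender_domain}")

    # 3. Links whose visible text names a different site than the href target (clone-phishing tell).
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    collector = _LinkCollector()
    collector.feed(text)
    for href, visible in collector.links:
        target = urlparse(href).hostname or ""
        shown = domain_in_text(visible)
        if shown and target and shown != registrable_domain(target):
            findings.append(f"link text says {shown} but points to {target}")

    # 4. Pressure language typical of lures.
    lowered = (msg.get("Subject", "") + " " + text).lower()
    hits = [w for w in URGENCY_WORDS if w in lowered]
    if hits:
        findings.append("urgency wording: " + ", ".join(hits))
    return findings


# Constructed sample mimicking the page's "fake PayPal password reset" lure; domains are placeholders.
SAMPLE_PHISH = """\
From: PayPal Security <alerts@paypa1-notices.example>
To: victim@example.com
Subject: URGENT: your account will be suspended
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=paypa1-notices.example; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body><p>Please verify your account within 24 hours:</p>
<a href="http://login.paypa1-notices.example/reset">https://www.paypal.com/reset</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_PHISH):
        print("-", finding)
```

Run it on a saved `.eml` file by passing the file's contents to `triage()`; an empty list means none of the four heuristics fired, not that the mail is safe, so the output is a prompt for the "verify with the official source" step rather than a verdict.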