Social Engineering

attacks

Shoulder surfing

Physical access to workstations

Masquerading as a user

Masquerading as a monitoring staff

Dumpster diving

Handling (finding) sensitive information

Handling (finding) sensitive information

Reverse social engineering

Baiting

uses computer media to entice a victim into installing malware

Ex: leave a CD-ROM disk in a public place

Rely on natural human curiosity when presented with an unknown

Phishing

fake e-mails, which request a user to connect to an illegitimate site

Some phishing attacks target victims through the phone

Pretexting

inventing a scenario to convince victims to divulge information they should not divulge