Social Engineering Tactics Explained

Cyber Security Mastery: From Zero to Hero

The Human Factor: Social Engineering

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. The human element it targets is often the weakest link in the security chain.

Common Principles of Influence (Cialdini)

Attackers often leverage these psychological principles:

  1. Authority: Pretending to be a superior or official (e.g., 'IT Support').
  2. Scarcity: Creating a false sense of urgency (e.g., 'Your account will be suspended in 5 minutes!').
  3. Liking/Familiarity: Establishing rapport or claiming to know a colleague.
  4. Reciprocity: Offering something small to make the victim feel obligated.

Primary Social Engineering Attacks

  • Pretexting: Creating a fabricated scenario (pretext) to obtain information (e.g., impersonating HR to verify personal details).
  • Baiting: Offering something tempting (like a free USB drive found in a parking lot) to get the victim to install malware.
  • Tailgating/Piggybacking: Following an authorized person into a restricted area (physical security attack).
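
For defenders, the influence principles listed above can be turned into simple triage signals for inbound mail. The following is an added example, not part of the original course material; the organization domain, cue phrases, scoring weights and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the defender's own mail domain

# Constructed cue phrases, one pattern per principle listed above.
CUES = {
    "authority": re.compile(r"\b(it support|help ?desk|hr department|security team)\b", re.I),
    "scarcity": re.compile(r"\b(in \d+ (minutes?|hours?)|immediately|suspended|final notice)\b", re.I),
    "liking": re.compile(r"\b(your colleague|as we discussed|asked me to contact)\b", re.I),
    "reciprocity": re.compile(r"\b(free gift|gift card|as a thank you|complimentary)\b", re.I),
}

def triage(raw):
    """Tag one RFC 5322 message with the influence cues it contains."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    external = addr.rpartition("@")[2].lower() != ORG_DOMAIN
    text = "\n".join([name, msg.get("Subject", ""), msg.get_payload()])
    cues = sorted(k for k, rx in CUES.items() if rx.search(text))
    # Strongest signal: display name claims an internal role, address is outside the org.
    spoofed_authority = external and bool(CUES["authority"].search(name))
    # Hypothetical weights: 1 per cue, +1 if external with cues, +2 for a spoofed role.
    score = len(cues) + (1 if external and cues else 0) + (2 if spoofed_authority else 0)
    return {"cues": cues, "spoofed_authority": spoofed_authority, "score": score}

# Constructed sample messages (reserved example domains).
SAMPLES = {
    "urgent_it": 'From: "IT Support" <helpdesk@it-support.example>\nSubject: Action required\n\n'
                 "Your account will be suspended in 5 minutes! Verify your details now.\n",
    "rapport": 'From: "Sam" <sam@vendor-mail.example>\nSubject: Quick favor\n\n'
               "Your colleague Alex asked me to contact you. As a thank you, here is a gift card.\n",
    "benign": 'From: "Dana Smith" <dana@example.com>\nSubject: Lunch menu\n\n'
              "The cafeteria menu for next week is attached.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage(raw))
```

Keyword cues like these are only a first-pass filter for human review; the display-name versus sender-domain mismatch is the more reliable of the signals shown.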