Phishing attacks are not the only threat to watch out for, however. Other social engineering examples include:
Baiting: Attackers entice victims into inadvertently compromising their security, for example, by offering free giveaways or distributing infected devices.
Diversion theft: Offline diversion thefts involve intercepting deliveries by persuading couriers to go to the wrong location. Online, they involve stealing confidential information by convincing victims to send it to the wrong recipient.
Honey trap: Attackers pretend to be romantically or sexually interested in the victim to persuade them to yield sensitive information or money.
Smishing/SMS phishing: Text messages that purport to be from legitimate entities are often used with other techniques to bypass 2FA (two-factor authentication). They might also direct victims to malicious websites on their phones.
Pretexting: An early stage of more complex social engineering attacks in which the con artist gains a victim’s trust, typically by creating a backstory that makes them sound trustworthy.
Quid pro quo: Quid pro quo attacks rely on people’s sense of reciprocity, with attackers offering something in exchange for information.
Scareware: A form of malicious software – usually a pop-up that warns that your security software is out of date or that malicious content has been detected on your machine – that fools victims into visiting malicious websites or buying worthless products.
Tailgating: A physical security attack that involves an attacker following someone into a secure or restricted area, for instance, while claiming to have mislaid their pass.
Vishing/voice phishing: Vishing is a form of targeted social engineering attack that uses the phone. Types of vishing attacks include recorded messages telling recipients their bank accounts have been compromised. Victims are then prompted to enter their details via their phone’s keypad, giving the attackers access to their accounts.
Water-holing/watering hole: Watering hole attacks work by infecting websites that a target group is known to frequent. For instance, 2017’s NotPetya infection – believed to be a politically motivated attack against Ukraine – infected a Ukrainian government website and then spread through the country’s infrastructure.
419/Nigerian prince/advance fee scams: These cons involve scammers asking victims to supply their bank details or a fee to help them transfer money out of their country. They originated in Nigeria, and the number 419 refers to the section of Nigeria’s Criminal Code that bans the practice.