Analyzing And Differentiating Among
Types Of Social Engineering, Types Of Wireless & Application
3.3 Analyze and differentiate among
types of social engineering attacks
Social engineering: It is a skill that
an attacker uses to trick an innocent person, such as an
employee of a company, into doing a favor. For example, the
attacker may hold packages in both hands and ask
a person with appropriate permission to enter a building
to open the door. Social engineering is considered to be
the most successful tool that hackers use. Social engineering
can be used to collect any information an attacker might
be interested in, such as the layout of your network, names
and/or IP addresses of important servers, and installed operating
systems and software. The information is usually collected
through phone calls, or by posing as a new recruit or a guest of your boss.
1. Shoulder surfing is when a person
uses direct observation to find out a target's password,
PIN, or other such authentication information. The simple
resolution for this is for the user to shield the screen,
keypad, or other authentication-requesting device.
2. Dumpster diving is when a person
literally scavenges for private information in garbage and
recycling containers. Any sensitive documents should be
stored in a safe place as long as possible. When they are
no longer necessary, they should be shredded.
3. Piggybacking is where the intruder
poses as a new recruit, or a guest of your boss. The intruder
typically uses social engineering skills to enter
protected premises on someone else's identity, just piggybacking
on the victim.
4. Tailgating is essentially the same
as Piggybacking with one difference: it is usually without
the authorized person's consent.
5. Impersonation is when an unauthorized
person poses as a legitimate, authorized person.
6. A hoax is an attempt at deceiving
people into believing something that is false. Hoaxes can
come in person, or through other means of communication.
Staff training is the most effective tool for preventing
attacks by social engineering. Defense against social
engineering may be built by:
Including instructions in your security policy for
handling it, and
Training employees on what social engineering is
and how to deal with it.