There are lots of strategies that social engineers can use to exploit victims, all utilizing the principles of consensus, familiarity, urgency, and authority. We learned about the following strategies:

  • Spam: unsolicited emails.
  • Prepending: prepending text to an email, such as “RE:” or “MAILSAFE:PASSED”, to make it appear that the email is a safe, legitimate reply or has passed a security check.
  • Hoaxes: fake information, like false security alerts.
  • Pretexting: when an attacker tricks a victim by giving a false pretext, or reason, for why the victim should share information with the attacker.
  • Pharming: when an attacker redirects victims from a legitimate website to their malicious version.
  • Typosquatting: when an attacker deliberately registers a website domain with a name that is close to that of a legitimate website.
  • Identity Fraud: when an attacker uses a victim’s personal information.
  • Credential Harvesting: when an attacker attempts to collect, or learn, a victim’s credentials.
  • Watering Hole Attack: when an attacker hacks the third-party service or software a group of victims uses in order to gain access to a victim or the victims’ company.
  • Tailgating: when an attacker follows someone through a secure door before it closes.
  • Dumpster Diving: when an attacker goes through a victim’s trash to obtain sensitive information.
  • Shoulder Surfing: when an attacker looks over someone’s shoulder as they type their password.
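Typosquatting and pharming both depend on a victim not noticing that a domain is almost, but not quite, the legitimate one. The following is an added example (not part of the Codecademy lesson) of the kind of lookalike-domain check a defender can run over observed domains, for instance from proxy or DNS logs: it compares each domain against an allowlist of known-good domains using edit distance after normalising common look-alike characters, and it also flags domains that embed a trusted brand as a subdomain. The allowlist, the homoglyph table and the sample domains are all constructed for the example.

```python
"""Flag lookalike (typosquatted) domains against an allowlist of trusted domains."""
from typing import Optional

# Constructed allowlist of legitimate domains (assumed for this example).
LEGITIMATE_DOMAINS = {"codecademy.com", "example.com", "paypal.com"}

# Visually similar substitutions that lookalike domains commonly use.
# Candidates and allowlist entries are both normalised with this table
# before comparison, so "paypa1.com" and "paypal.com" compare as equal.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) computed with two rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalise(domain: str) -> str:
    """Lowercase, strip trailing dot, and collapse homoglyphs."""
    d = domain.lower().strip(".")
    for glyph, replacement in HOMOGLYPHS.items():
        d = d.replace(glyph, replacement)
    return d


def registrable_part(domain: str) -> str:
    """Last two labels of the domain.

    Deliberately crude: a real deployment would use the Public Suffix List
    so that names like "shop.co.uk" are handled correctly.
    """
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify(domain: str, allowlist=LEGITIMATE_DOMAINS,
             max_distance: int = 2) -> Optional[dict]:
    """Return None for trusted or unrelated domains, else a finding dict.

    Findings carry the trusted domain being imitated, a reason
    ("embedded_brand" or "edit_distance") and, for the latter, the distance.
    """
    full = domain.lower().strip(".")
    reg = registrable_part(full)
    if reg in allowlist:
        return None  # the domain itself, or a genuine subdomain of it

    # Case 1: a trusted domain used as a subdomain of an unrelated domain,
    # e.g. "paypal.com.login-verify.net".
    for legit in allowlist:
        if full.startswith(legit + ".") or ("." + legit + ".") in full:
            return {"domain": domain, "lookalike_of": legit,
                    "reason": "embedded_brand", "distance": None}

    # Case 2: a registrable domain within a small edit distance of a trusted
    # one after homoglyph normalisation, e.g. "codecadeny.com", "paypa1.com".
    norm = normalise(reg)
    best = None
    for legit in allowlist:
        dist = levenshtein(norm, normalise(legit))
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (legit, dist)
    if best is None:
        return None
    return {"domain": domain, "lookalike_of": best[0],
            "reason": "edit_distance", "distance": best[1]}


def scan(domains) -> list:
    """Run classify() over an iterable of domains and keep only the findings."""
    return [f for d in domains if (f := classify(d)) is not None]


if __name__ == "__main__":
    # Constructed sample of domains as they might appear in DNS or proxy logs.
    SAMPLE = ["www.codecademy.com", "codecadeny.com", "paypa1.com",
              "paypal.com.login-verify.net", "github.com"]
    for finding in scan(SAMPLE):
        print(finding)
```

The edit-distance threshold of 2 is a trade-off: short trusted domains will produce more false positives at that distance than long ones, so in practice the threshold is often scaled to the length of the trusted name, and hits are reviewed rather than blocked automatically.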

Be careful and be aware! Just because a person, site, email, or other source seems trustworthy doesn’t mean they are.
