Social engineering tactics often rely on reverse-engineering people in an attempt to exploit their innate human vulnerabilities to achieve malicious objectives.
At the end of the day, everything we discuss here at P&C is about attacking the system through the user. We aren’t trying to “hack” computers; an adequately secure system is impossible/improbable to penetrate with our resources (and trust me, we have very few resources).
Instead, it’s better to simply go through the front door: not by busting it down, but by being invited in.
Social engineering is a manipulative technique that exploits human psychology, trust, and emotions to get a target to perform specific actions or make specific decisions, often to the target’s detriment.
Here are some good examples…
“Trusty Caller”
- Jane, a senior manager at a reputable company, receives a call from “David,” who claims to be from the IT department. David explains there’s an urgent security update and asks Jane for her login credentials to ensure her account’s safety. Concerned, Jane shares her details without verifying David’s identity. In reality, David is a social engineer exploiting trust to gain unauthorized access.
“Friendly Face”
- John, an enthusiastic intern, joins a company. On his first day, Sarah, a seasoned employee, befriends him and offers to show him around. As they chat, Sarah casually asks about the company’s upcoming projects. John, eager to fit in, inadvertently shares confidential information, not realizing that Sarah actually works at a competitor firm.
“Tech Support Scam”
- Mark receives a pop-up message on his computer, warning of a virus and providing a phone number for tech support. Panicked, Mark dials the number and connects with “Lisa,” who claims to be from a reputable tech support company. To resolve the issue, Mark grants Lisa remote access to his computer.
“Emergency Impersonator”
- Emily receives an urgent email from her boss, “Michael,” requesting a wire transfer for a critical business deal. The email claims that Michael is in a remote location and unable to make the transfer himself. Trusting her boss’s email, Emily quickly initiates the transfer, not realizing that the email came from an imposter.
“Bait and Switch”
- Alex, an online shopper, receives an email offering a limited-time 90% discount on a popular gadget. Excited, Alex clicks the provided link, which redirects to a convincing e-commerce website. Alex places an order using their credit card information, only to find out later that it was a fake site set up by cybercriminals to steal personal and financial data.
About P&C
Phish & Chips.io is a labor of love from seasoned information security and privacy enthusiasts. Although we provide some resources around engineering technical exploits and navigating computer systems, our true passion is for educating people and the study of human social behavior.
To this end, we have created a Phishing Attack Framework, which is a great way to navigate this site and learn more about how to utilize social engineering techniques for your next cyber campaign.
Enjoy!