Some of the most common tactics are the following: Phishing, Pretexting, Spam, Shoulder Surfing and Tailgating. Phishing is very easy to pull off, and can trick many people. “Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source.” (SearchSecurity.techtarget.com). Most of the time the email or message is supposed to trick the recipient into downloading malware that can backdoor their computer, allowing the hacker access to personal and financial information. Another tactic that is widely used it Pretexting. “Pretexting is when one party lies to another to gain access to privileged data” (SearchSecurity.teachtarget.com). This is an attack that is hard to discern from a legitimate situation. Most Pretext attacks occur over the phone. The most common form of pretext situation, is when an attacker calls a target pretending to be a survey company. They ask you simple questions that seem harmless, like your Name, Phone Company, Location/etc. After the attacker has his desired information, he can call your financial institution, pretend to be you and gain access to their bank account, using the information you provided before. Lastly, Shoulder Surfing and Tailgating are two tactics that hackers can use physically to gain information about you. Shoulder Surfing is the act of peaking over someone’s shoulder as they …show more content…
Social Engineering is the least technical way of gaining personal or financial information. “Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.” (Webroot.com). Hackers use simple methods like the ones mentioned prior to easily bypass tough network blocks or firewalls. It can be as simple as calling a company with a good pretext and questions, and ending the call with the network password, or the personal information of an executive that can be used to gain access to the full network. Hackers have been reverting to this easy form of hacking, rather than spending hours, or even weeks trying to penetrate a network. It’s an easy concept to grasp by most people, and is one of the reasons that Social Engineering is now on the rise again, as more people learn how to preform it well, and companies don’t train employees to spot and act against