Online Social Engineering

Common Online Social Engineering Tactics

1. Phishing

• Fraudulent emails, messages, or websites designed to steal credentials or personal data.

• Examples: Fake login pages, urgent bank notices, fake security alerts.

1. Spear Phishing

• Highly targeted phishing aimed at specific individuals or organizations.

• Uses personalized details to increase credibility and deception.

1. Whaling

• A specialized form of phishing targeting high-profile individuals such as executives or government officials.

• Often involves fake business emails or legal threats.

1. Vishing (Voice Phishing)

• Social engineering conducted over phone calls to trick victims into revealing sensitive information.

• Example: Callers impersonating banks, tech support, or law enforcement.

1. Smishing (SMS Phishing)

• Fraudulent text messages prompting users to click malicious links or provide personal details.

• Example: Fake package delivery notifications, banking alerts.

1. Pretexting

• Creating a fabricated scenario to gain a victim’s trust and extract sensitive data.

• Example: Pretending to be an IT technician to request login credentials.

1. Baiting

• Luring victims with something enticing (e.g., free software, giveaways) to infect their systems or steal information.

• Example: Fake movie downloads containing malware.