CompTIA Security+ Notes – Part 2
As I mentioned, I am preparing for the CompTIA Security+ exam and making many notes on this page for future reference. The first sub-topic was named: Compare and contrast different types of social engineering techniques. I am continuing on this sub-topic.
Spam
Everybody hates spam. Every day our email inboxes are filled with this junk. Spam is unsolicited mail you never asked for. It arrives as an email from a salesman, a new product offering, or some other offer that incentivizes you to click links. Never do that.
In the CompTIA+ book, there is also another type of spam mentioned. It’s called Spam over Instant Messaging (SPIM). It’s not a widely used term, but it’s good to know.
Dumpster diving
Hackers use any advantage to gain the upper hand. Sometimes that involves digging through a container full of trash for anything that would help them map their target. This technique is called dumpster diving. The best way to protect against it is to use a shredder.
Shoulder surfing
The practice of looking over a person’s shoulder to capture information, like passwords or other sensitive data, as they type on their computer. It can happen on a train, in a coffee shop, or in any other public place.
Pharming
One of the website attacks. It redirects traffic from a legitimate website to the attacker’s fake page. From there, you are on your own! The redirect happens when an attacker modifies a local DNS cache or a trusted local DNS server.
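Pharming that edits the local hosts file shows up as a watched domain pinned to an address nobody configured, and the hosts file overrides DNS for anything listed in it. The script below is an added example, not part of the original notes: it parses hosts-file syntax (comments, blank lines, several names per line) and reports every entry for a domain on the watch list. The hosts content and the domains are constructed for the demonstration.

```python
"""Audit a hosts file for entries that hijack watched domains.

Added example (not from the original notes). The sample hosts text and
the watched domains below are constructed for the demonstration.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: normal loopback lines, a comment, and two injected
# entries that pin a bank and a mail host to an attacker-controlled address.
SAMPLE_HOSTS = """
# Standard entries
127.0.0.1       localhost
::1             localhost ip6-localhost

# Injected by the pharming sample
203.0.113.45    www.example-bank.com example-bank.com
203.0.113.45    mail.example.com   # trailing comment
"""

# Domains the defender expects to resolve only through real DNS.
WATCHED_DOMAINS = ["example-bank.com", "example.com"]


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text.

    Handles blank lines, full-line and trailing '#' comments, and multiple
    hostnames per line. Lines whose first field is not an IP are skipped.
    """
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed line, not a usable mapping
        for name in fields[1:]:
            pairs.append((ip, name.lower().rstrip(".")))
    return pairs


def _matches_watch(name: str, watched: str) -> bool:
    # Exact match or any subdomain of the watched domain.
    return name == watched or name.endswith("." + watched)


def find_hijacks(text: str, watched: List[str] = WATCHED_DOMAINS) -> Dict[str, str]:
    """Map each watched hostname found in the hosts file to the IP it is pinned to.

    Every hit is reported, even one pointing at loopback: any hosts entry for
    a watched domain bypasses DNS, which is the condition worth alerting on.
    """
    hits = {}
    for ip, name in parse_hosts(text):
        if any(_matches_watch(name, w) for w in watched):
            hits[name] = ip
    return hits


if __name__ == "__main__":
    for host, ip in sorted(find_hijacks(SAMPLE_HOSTS).items()):
        print(f"watched domain {host} pinned to {ip} in hosts file")
```

Run it against the real file (`/etc/hosts` on Linux and macOS, `C:\Windows\System32\drivers\etc\hosts` on Windows) by reading it into `find_hijacks`; an empty result is the expected state for an endpoint that is not being pharmed, because legitimate setups rarely pin external domains in the hosts file.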
Tailgating
It’s a simple trick: follow someone closely through the door to get into a secure building. However, it’s easy to prevent by spreading personal awareness and asking for a person’s credentials.
Eliciting information
It’s a way to gather information from an unsuspecting victim. Social engineers use flattery and feigned ignorance. They ask questions so that the person hands over the correct information without realizing it.
Prepending
CompTIA defines it in three ways:
- It can be as simple as adding the word “SAFE” to a set of email headers to fool a user into thinking the message passed the check.
- It can mean adding additional information to manipulate the outcome.
- It can be a social engineer suggesting topics, leading to a fruitful conversation for him, and he gets the information he wants.
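Because a sender controls the Subject line, a prepended “SAFE” tag proves nothing on its own; what a gateway can vouch for is a header it adds itself. The script below is an added example, not part of the original notes, and it assumes a hypothetical mail gateway that stamps scanned mail with `X-Gateway-Verdict: clean` (header name and value are assumptions). It flags a message whose Subject carries a trust tag that the gateway did not back. Both messages are constructed samples.

```python
"""Flag Subject-line trust tags that the mail gateway did not vouch for.

Added example (not from the original notes). GATEWAY_HEADER and GATEWAY_OK
are assumed names for a hypothetical gateway; the messages are constructed.
"""
import email
from email.message import Message
from typing import Dict

TRUST_TAGS = ("SAFE", "[SAFE]", "[INTERNAL]")
GATEWAY_HEADER = "X-Gateway-Verdict"   # assumed header name
GATEWAY_OK = "clean"                   # assumed value meaning "scanned, clean"

# Constructed sample: the sender prepended SAFE, but no gateway header is present.
SPOOFED = """From: payments@example.net
To: alice@example.org
Subject: SAFE: Updated bank details for invoice 4471

Please update the supplier record today.
"""

# Constructed sample: same tag, this time accompanied by the gateway's verdict.
SCANNED = """From: payments@example.net
To: alice@example.org
Subject: SAFE: Updated bank details for invoice 4471
X-Gateway-Verdict: clean

Please update the supplier record today.
"""


def subject_has_trust_tag(msg: Message) -> bool:
    """True when the Subject starts with one of the tags users are taught to trust."""
    subject = (msg.get("Subject") or "").strip().upper()
    return any(subject.startswith(tag) for tag in TRUST_TAGS)


def classify(raw: str) -> Dict[str, bool]:
    """Report whether the Subject is tagged, whether the gateway backs it,
    and whether the combination is suspicious (tag present, no backing)."""
    msg = email.message_from_string(raw)
    tagged = subject_has_trust_tag(msg)
    vouched = (msg.get(GATEWAY_HEADER) or "").strip().lower() == GATEWAY_OK
    return {"tagged": tagged, "vouched": vouched, "suspicious": tagged and not vouched}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("scanned", SCANNED)):
        print(label, classify(raw))
```

The check only holds if the gateway strips any copy of its own verdict header that arrives from outside before adding its own; otherwise the header is just another field a sender can prepend.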
Identity fraud
It’s as simple as pretending to be someone else. For example, social engineers use it when calling a telecom call center to take over a person’s phone number.
Invoice scams
This one involves sending fake invoices in the hope that someone working for the company will pay them.