CompTIA Security+ Notes – Part 3
As I mentioned, I am preparing for the CompTIA Security+ exam and making many notes on this page for future reference. The first sub-topic was named: Compare and contrast different types of social engineering techniques. I am continuing on this sub-topic.
Credential harvesting
Credential harvesting is the process of gathering credentials, such as usernames and passwords, and it is a widespread occurrence in phishing campaigns. For example, a phisher creates a fake Microsoft page where the unsuspecting user enters their credentials.
A malicious actor with user credentials will continue attacks with financial gain in mind. The only way to stop this behavior is to enable 2FA, for example with YubiKeys.
Reconnaissance
Reconnaissance is a social engineering technique. Hackers can use it in phone calls, emails, and other communication channels to gather more information about the target.
Social engineers use the same techniques to bypass security protocols and procedures.
Hoax
A hoax is a straightforward falsehood. It comes in a variety of forms. To me, the most well-known are emails. I receive a lot of emails from people claiming to be security researchers. They pretend that they discovered a security hole and ask for money. When you start investigating, it turns out it was a fake story.
Impersonation
The difference between impersonation and identity fraud is that impersonation is a more straightforward form of identity fraud. You don’t fully claim another person’s identity. So, for example, you can pretend to be a bus driver or a delivery man.
Watering hole attack
Sometimes you can’t find a way to hack your victim directly. Thus, experienced hackers compromise well-known sites and attack victims that way. An example of a watering hole attack is inserting malicious code through advertising networks.
Typosquatting
An exciting form of attack. Attackers buy a domain that looks like a well-known one but has a slight letter change, so that Amazon becomes amazonca, for example. The hope is to fool you. You would be surprised how often they succeed.
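A defender can screen newly seen domains for this pattern. The following is an added example, not part of the original notes: it flags names that are one edit away from a protected brand, reuse the brand under another TLD, or append a few characters to it, as in the amazonca case. The OWNED list, the MAX_AFFIX threshold and the sample domains are assumptions made for illustration.

```python
# Added example. OWNED and all sample domains are constructed for illustration.
OWNED = {"amazon.com", "microsoft.com"}      # domains the organisation really controls
BRANDS = {d.split(".")[0] for d in OWNED}    # brand labels derived from them
MAX_AFFIX = 3  # assumption: brand plus up to 3 extra characters is suspicious


def osa_distance(a, b):
    """Edit distance: insert, delete, substitute, or swap two adjacent characters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return (verdict, brand); verdict is 'owned', 'lookalike' or 'clear'."""
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    # Assumption: single-label TLDs, so the name sits in the second-to-last label.
    label = labels[-2] if len(labels) >= 2 else labels[0]
    for owned in OWNED:
        if domain == owned or domain.endswith("." + owned):
            return ("owned", owned.split(".")[0])
    for brand in sorted(BRANDS):
        extra = len(label) - len(brand)
        affixed = 0 < extra <= MAX_AFFIX and (
            label.startswith(brand) or label.endswith(brand))
        # Same name under another TLD, one edit away, or brand plus a short affix.
        if label == brand or osa_distance(label, brand) == 1 or affixed:
            return ("lookalike", brand)
    return ("clear", None)


if __name__ == "__main__":
    for d in ["amazon.com", "amazonca.com", "amzaon.com", "micosoft.com", "example.org"]:
        print(d, classify(d))
```

Multi-label suffixes such as co.uk need a public suffix list before the label is extracted, and the thresholds should be tuned against real traffic to keep false positives manageable.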
Pretexting
It’s a process of using a made-up scenario to justify why you are approaching a person. It is safe to say we were all in situations where we made up stories to explain why we were asking a question or appearing in some location.
Influence Campaigns
Nation-state actors conduct influence campaigns to sway people’s opinions about specific matters, especially when there are public elections. They use social networks to spread their fake stories, thus attracting a lot of attention. Nation states are governments that have a lot of resources and time to stage these types of attacks. Only a critical mindset can help to defend against these attacks.