|  | 
                                            
                                                | 
                                                        
                                                             There are many techniques in social engineering. We highlight some of them here: |  |  | 
                                
                                
                                    |  | 
                                            
                                                |  |  | 
                                                        
                                                            The goal is to make the recipient of the email believe it's something they need
                                                                or are waiting for. The email may include dangerous links or attachments containing
                                                                antivirus software. Phishing types also include: spear phishing and whaling. Think
                                                                before you click! |  
                                                |  |  |  | 
                                
                                
                                    |  | 
                                            
                                                |  |  | 
                                                        
                                                            This technique uses a pretext - a false justification for a specific action - to gain confidence
                                                                and deceive the victim. For example, the attacker claims to work on IT support and requests
                                                                the target's password to perform maintenance.Proper processes, policies, and identification and authentication training must be in place
                                                                to avoid these attacks.
 |  
                                                |  |  |  | 
                                
                                
                                    |  | 
                                            
                                                |  |  | 
                                                        
                                                            The bait aims to attract the victim to perform a specific task, providing easy
                                                                access to something that the victim may feel tempted to access. For example, a USB
                                                                drive infected with a keylogger and identified as "Private Photos" left on the
                                                                victim's desk.Security policies, such as blocking unauthorized software and hardware, will
                                                                prevent most attempts, and you may want to remind teams never to rely on unknown
                                                                sources.
 |  
                                                |  |  |  | 
                                
                                
                                    |  | 
                                            
                                                |  |  | 
                                                        
                                                            "Something for something" in Latin, involves a request for information in exchange for
                                                                compensation. This is the case of an attacker calling random phone numbers claiming
                                                                to be from technical support. Occasionally, he finds a victim he happened to need.
                                                                They offer "help", gaining access to the computer and being able to install malicious
                                                                software. |  
                                                |  |  |  | 
                                
                                
                                    |  | 
                                            
                                                |  |  | 
                                                        
                                                            This method involves stealing data (passwords or codes) by looking "over the
                                                                shoulder" when the victim is using the laptop or other device (a smartphone
                                                                or even an ATM). Awareness of the threat is particularly important for companies
                                                                with employees in remote work, where they can use their work devices in public
                                                                places. |  
                                                |  |  |  | 
                                
                                
                                    |  | 
                                            
                                                |  |  | 
                                                        
                                                            This method involves physical entry into protected areas, such as the headquarters
                                                                of a company. The attacker, can impersonate a collaborator and convince the victim,
                                                                who is an employee authorized to enter at the same time, to open the datacenter door
                                                                using the victim's RFID pass.Access to non-public areas should be controlled by access policies and/or use of
                                                                access control technologies, the more sensitive the area, the stricter the
                                                                combination.
 |  
                                                |  |  |  |