Attack Techniques
- Phishing (Common): Fake emails/sites to steal credentials
- Pretexting (Deception): Creating false scenarios to gain trust
- Baiting (Lure): Offering something enticing (infected USB, free software)
- Tailgating (Physical): Following authorized person into secure area
Phishing Variants
- Email Phishing: Mass-sent deceptive emails
- Spear Phishing: Targeted at specific individuals
- Whaling: Targeting executives and high-value targets
- Smishing: SMS-based phishing attacks
- Vishing: Voice call social engineering
Psychological Principles Used
Manipulation Tactics
- Authority: Impersonating someone in power
- Urgency: Creating time pressure to act quickly
- Scarcity: "Limited time offer" manipulation
- Reciprocity: Giving something first so the target feels obliged to give something in return
- Liking: Building rapport before the ask
- Social Proof: "Everyone else is doing it"
Defense Strategies
- Verify requests through separate channels
- Check email sender addresses carefully
- Never give credentials via email or phone
- Be suspicious of urgent requests
- Hover over links before clicking
- Use hardware security keys (phishing-resistant)
- When in doubt, don't click