Social engineering
The weakest link in a company is its people, who are likely to make mistakes. Social engineering is a technique used by hackers to manipulate people into compromising the security of the organization.
Phishing: tricking the victim with fraudulent emails/SMS/messages that lead them to reveal sensitive or private information.
Spear Phishing / CEO fraud (fraude au président): the attacker investigates a victim in order to craft a convincing mail/call that will lead them to compromise the organization. For instance, an email from the director on a Friday (right before going home) asking them to URGENTLY transfer money without notifying anyone.
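On the defensive side, the scenario above leaves traces a mail filter can check. The following is an added example, not part of the original notes: `ORG_DOMAIN`, `EXECUTIVES`, the keyword patterns and the function names are all assumptions chosen for illustration, and only single-part plain-text bodies are inspected.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch: the organization's domain and executive names.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
PATTERNS = {
    "urgency": re.compile(r"\b(urgent(ly)?|immediately|asap|right away)\b", re.I),
    "secrecy": re.compile(r"\b(confidential|(do not|don't|without) (tell|notify|inform)\w*)\b", re.I),
    "payment_request": re.compile(r"\b(wire|transfer|payment|iban|bank account)\b", re.I),
}

def domain_of(header_value):
    """Return the lowercased domain of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def ceo_fraud_indicators(raw_message):
    """List the CEO-fraud indicators present in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = []
    # A known executive's display name on an address outside the organization.
    if display_name in EXECUTIVES and from_domain != ORG_DOMAIN:
        hits.append("executive_name_external_domain")
    # Replies silently routed to a different domain than the sender's.
    if reply_domain and reply_domain != from_domain:
        hits.append("reply_to_mismatch")
    hits += [name for name, rx in PATTERNS.items() if rx.search(text)]
    return hits

# Constructed sample, modelled on the urgent-transfer scenario above.
SAMPLE = """From: "Jane Doe" <jane.doe@examp1e-corp.test>
Reply-To: j.doe@mailbox.test
To: accounting@example.com
Subject: Urgent transfer

Transfer 40,000 EUR today. Do not notify anyone, this is confidential.
"""

if __name__ == "__main__":
    print(ceo_fraud_indicators(SAMPLE))
```

No single indicator is conclusive; the combination of an executive name on an external domain with urgency, secrecy and a payment request is what warrants out-of-band verification.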
To-do
Stuff that I found, but never read/used yet.
- Social Hacking
- Tailgating
- Pretexting/Roleplaying
- Dumpster Diving
- Baiting
- Shoulder surfing
- Vishing
- Smishing
- Homoglyph
- Open mail relay server
- Spam
- Email spoofing
- Email Attachments
- SET (Social Engineer Toolkit)
- If we compromise a ticketing system, we can use it to receive mails (e.g. with a company email address, each ticket may have its own thread). This can maybe be used to join Slack or create accounts.