Social engineering is a way of using the human psychology against the individual and taking advantage of their trust. The main difference of this avenue of attack than all the others is that this relies on human communication rather than communication between devices. Social engineering attack methods can include
- Impersonation
- Reciprocation
- Influential Authority
- Scarcity
- Social Relationship
- Social Engineering Toolkit
Impersonation seems to be the most commonly used way of social engineering in which someone makes a fake social media account or email to persuade the target they are someone who they are not. If the victim actually falls for this trick then they would be susceptible to phishing attacks as previously mentioned. Fake links, emails, and fake offers can be paired with social engineering to gain the IP Address, Login Credentials, and even Banking Information.
Social Relationship is also something that can be used to gain trust of a victim and persuade them to reveal sensitive information without having to do any technical methods of hacking.
A social engineering tool that is used CUPP (Common User Passwords Profiler) that generates passwords based on the target’s personal, psychological, and social characteristics. Some information of the target is needed for this tool to work but when it is generated it can be a powerful password list to use with hydra or any dictionary attack tool.