Social Engineering
Social engineering is when attackers hack people instead of computers. Instead of breaking firewalls, they manipulate human psychology — things like trust, fear, urgency, or curiosity — to trick someone into giving away information, money, or access.
Think of it like con artists moving online: they use tech channels (email, phone, SMS, QR codes) but the real target is always the human mind.
Main Types of Social Engineering
1. Phishing (Email Phishing)
- How it works: Fake emails that look like they’re from banks, delivery companies, or work colleagues.
- Goal: Steal logins, financial info, or install malware.
- Red flag: Weird sender address, urgent tone, suspicious links/attachments.
2. Smishing (SMS Phishing)
- How it works: Scam texts pretending to be delivery updates, account alerts, or prize notifications.
- Goal: Trick you into clicking malicious links or sharing codes.
- Red flag: Shortened URLs or texts pushing “immediate action.”
3. Vishing (Voice Phishing)
- How it works: Scam calls or voicemails pretending to be banks, government, or tech support.
- Goal: Get victims to share personal data, passwords, or transfer money.
- Red flag: Caller insists you share codes/passwords or threatens consequences.
4. Quishing (QR Code Phishing)
- How it works: Malicious QR codes on posters, flyers, or fake menus.
- Goal: Send victims to fake websites or auto-download malware.
- Red flag: Random QR stickers in public or codes promising huge discounts.
5. Spearphishing & Whaling
- How it works: Highly targeted scams. Spearphishing = aimed at specific individuals. Whaling = aimed at executives or “big fish.”
- Goal: Gain access to sensitive systems or money transfers.
- Red flag: Message contains personal info to seem legit, but bypasses normal procedures.
6. Baiting
- How it works: Attackers leave “free” USBs or files online with enticing labels.
- Goal: Get users to plug in infected devices or download malware.
- Red flag: Freebies that are too good to be true.
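The red flags listed for phishing, smishing and vishing above can be turned into simple filter rules. The script below is an added example, not part of the original article: it checks a message for a sender/display-name mismatch, urgent tone, shortened URLs and requests for codes or passwords. The keyword lists, the message schema and the sample messages are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Heuristics mirror the "red flag" bullets above. The word lists and the
# display-name check are illustrative assumptions, not a vendor's model.
URGENCY = ("immediately", "urgent", "within 24 hours", "suspended", "act now")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# "share/enter/read ... code/password/PIN" within a few words of each other
CRED_RE = re.compile(r"\b(share|provide|enter|confirm|read)\b.{0,40}\b(password|code|pin)\b")

def red_flags(msg: dict) -> list[str]:
    """Return the red flags triggered by one message (constructed schema:
    channel 'email'|'sms'|'voice', display name, sender, body)."""
    flags = []
    body = msg.get("body", "").lower()

    # Phishing: display name claims a brand the sender's domain does not carry
    # (crude: the brand is taken to be the first word of the display name).
    if msg.get("channel") == "email" and msg.get("display"):
        brand = msg["display"].split()[0].lower()
        domain = msg.get("sender", "").rsplit("@", 1)[-1].lower()
        if brand not in domain:
            flags.append("sender_mismatch")
    # Phishing / smishing / vishing: urgent tone or threatened consequences.
    if any(word in body for word in URGENCY):
        flags.append("urgent_tone")
    # Smishing: shortened URLs hide the real destination.
    for url in URL_RE.findall(msg.get("body", "")):
        host = (urlparse(url.rstrip(".,)")).hostname or "").lower()
        if host in SHORTENERS:
            flags.append("shortened_url")
            break
    # Vishing / smishing: asks the victim to hand over a code or password.
    if CRED_RE.search(body):
        flags.append("credential_request")
    return flags

# Constructed sample messages; senders and links are placeholders, not real ones.
SAMPLES = {
    "lookalike_email": {"channel": "email", "display": "PayPal Support", "sender": "alerts@paypa1-secure.net",
                        "body": "Your account will be suspended within 24 hours. Verify: http://bit.ly/EXAMPLE"},
    "parcel_sms": {"channel": "sms", "sender": "+15550100000",
                   "body": "Parcel held at depot. Confirm delivery: http://tinyurl.com/EXAMPLE"},
    "bank_call": {"channel": "voice", "sender": "+15550100001",
                  "body": "This is your bank. Read me the verification code we sent or your card is blocked immediately."},
    "real_statement": {"channel": "email", "display": "PayPal", "sender": "service@paypal.com",
                       "body": "Your monthly statement is ready at https://www.paypal.com/statements"},
}
```

Run `red_flags(SAMPLES["lookalike_email"])` to see all three email red flags fire at once, while the genuine statement returns an empty list. The display-name check is deliberately crude and will also flag personal names; a real filter would compare against a list of impersonated brands.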