# Social Engineering

By [ELIJAH](https://paragraph.com/@elijah-21) · 2024-01-22

---

Social engineering is a form of manipulation used by individuals or groups to deceive and manipulate others into divulging confidential information, providing access to restricted systems, or performing actions that may not be in their best interest. This type of attack relies on exploiting human psychology rather than relying on technical vulnerabilities.

Here are some common techniques used in social engineering:

1.  **Phishing:** Sending fraudulent emails or messages that appear to be from a trusted source, such as a bank or a legitimate organization, in order to trick individuals into revealing sensitive information like passwords or credit card numbers.
    
2.  **Pretexting:** Creating a fabricated scenario or pretext to obtain information from a target. This may involve pretending to be someone the target knows or trusts to extract sensitive information.
    
3.  **Baiting:** Offering something enticing, such as a free download or a USB drive, with the intention of infecting the target's computer or gaining unauthorized access.
    
4.  **Quid pro quo:** Offering a service or benefit in exchange for information. For example, a social engineer might pose as IT support and offer assistance in exchange for login credentials.
    
5.  **Impersonation:** Pretending to be someone else to gain trust or access. This could involve posing as a coworker, a technical support representative, or another trusted entity.
    
6.  **Tailgating or Piggybacking:** Physically following someone into a restricted area without proper authorization by taking advantage of the person's natural instinct to hold the door for others.
    
7.  **Reverse Social Engineering:** Manipulating an individual or organization by convincing them that they need help or support, leading them to provide sensitive information willingly.
    

Social engineering attacks can occur in various contexts, including online interactions, phone calls, or in-person interactions. To protect against social engineering, individuals and organizations should be aware of these tactics, exercise caution when sharing sensitive information, and implement security measures such as two-factor authentication, employee training, and regular security awareness programs.

---

*Originally published on [ELIJAH](https://paragraph.com/@elijah-21/social-engineering)*
