| Attack type | References | Description |
|---|---|---|
| Impersonation | [3] [7] [10] [11] [13] [15] | In such attacks, the attacker presents a false identity, such as that of an employee or valid user, and can gain physical access to the system or network to execute the attack. |
| Shoulder surfing | [7] [10] [11] [12] [13] [14] [17] | In this type, the attacker looks over the target’s shoulder to gather personal information. Example: observing the victim entering a password while using an ATM, email or any other account. |
| Dumpster diving | [1] [7] [10] [11] [12] [13] [14] | In this attack, the social engineer gathers confidential information from the company’s trash or bins. The attacker mostly searches for discarded equipment such as old computer materials, drivers, CDs, documents and papers from which confidential data can be retrieved. |
| Eavesdropping | [10] [12] | The act of secretly listening to the communication or conversation of others without their consent. An attacker might use a communication channel such as email or telephone lines to proactively listen to the conversation. |
| Vishing | [11] [12] [13] | Vishing, also known as phone phishing, is where criminals call the victim and persuade them to provide personal, financial or other sensitive information over the phone, or to perform an action that could hand over the confidential information to the attacker. In most cases, voice over internet protocol (VoIP) is used to conduct the vishing attack. |
| Tailgating | [4] [10] [11] [12] [13] | Tailgating is an act where an attacker gets access to a restricted area by following someone who has legitimate access to that area. The attacker might ask the victim to hold the door or simply walk in behind a person with security clearance. |
| Quid pro quo | [2] [4] [13] | Attackers commonly call the target and lure them by offering free services to solve technical issues in their network and system. The target then provides confidential information (Wi-Fi password, username/password) to the attacker, assuming the caller is legitimate technical or security personnel. |