3.0 Threats and Vulnerabilities

3.3 Analyze and differentiate among types of social engineering attacks

  • Shoulder surfing

    Shoulder surfing is the use of direct observation techniques, such as looking over someone's shoulder, to get information. It is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a calling card at a public pay phone. Shoulder surfing can also be done from a distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.

  • Dumpster diving

    In IT, dumpster diving refers to physical methods of gathering information that may give an attacker access to specific resources. These methods include sorting through trash in search of financial or personal records or other information that has been discarded.

  • Tailgating

    Tailgating is the act of following another person through a door that is intended to keep out intruders, thus compromising the physical security of the facility. Once inside, an attacker is often free to move about.

  • Impersonation

  • Hoaxes

  • Whaling

  • Vishing