Human-Centric Cybersecurity

5.

Social Engineering Attacks

5.1.

Fundamentals of Social Engineering

5.1.1.

Psychological Manipulation Principles

5.1.2.

The Social Engineering Kill Chain

5.1.2.1.

Information Gathering

5.1.2.2.

Relationship Building

5.1.2.3.

5.1.2.4.

5.1.2.5.

5.1.3.

Attack Vector Classification

5.1.4.

Target Selection Criteria

5.2.

Principles of Influence and Persuasion

5.2.1.

5.2.2.

Commitment and Consistency

5.2.3.

5.2.4.

5.2.5.

Liking and Similarity

5.2.6.

5.2.7.

Unity and Shared Identity

5.3.

Common Attack Techniques

5.3.1.

Phishing Attacks

5.3.1.1.

5.3.1.2.

5.3.1.3.

5.3.1.4.

5.3.1.5.

5.3.1.6.

5.3.2.

5.3.2.1.

Identity Impersonation

5.3.2.2.

Scenario Creation

5.3.2.3.

Information Elicitation

5.3.3.

5.3.3.1.

Physical Media Drops

5.3.3.2.

Digital Baiting

5.3.3.3.

Curiosity Exploitation

5.3.4.

5.3.4.1.

5.3.4.2.

Technical Support Scams

5.3.5.

Physical Social Engineering

5.3.5.1.

5.3.5.2.

5.3.5.3.

Shoulder Surfing

5.3.5.4.

Dumpster Diving

5.4.

Psychology of Victimization

5.4.1.

Emotional Exploitation

5.4.1.1.

5.4.1.2.

Urgency Creation

5.4.1.3.

Greed and Opportunity

5.4.1.4.

Curiosity and Interest

5.4.2.

Trust Building Mechanisms

5.4.3.

Cognitive Overload Tactics

5.4.4.

Authority and Credibility Manipulation

5.5.

Defense Against Social Engineering

5.5.1.

Recognition Training

5.5.2.

Verification Procedures

5.5.3.

Reporting Mechanisms

5.5.4.

Technical Controls

5.5.5.

Organizational Policies

Previous

4. Behavioral Science Applications

Go to top

Next

6. Usable Security Design