Social Engineering is a technique used by attackers to manipulate or trick people into revealing confidential information, giving access, or performing actions that compromise security. Instead of hacking systems, attackers hack human psychology.
Phishing: Fraudulent emails or messages crafted to make users click malicious links, open malicious attachments, or hand over credentials and personal information.
Spear Phishing: Phishing tailored to a specific individual or organisation, usually built on details about the target (role, colleagues, current projects) so the lure looks legitimate.
Whaling: Spear phishing aimed at high-level executives such as CEOs, CFOs, and directors, whose accounts and authority make them high-value targets.
Vishing: Voice phishing. Attackers telephone victims while posing as bank staff, police, or technical support in order to extract information or talk the victim into a harmful action.
Smishing: Phishing over SMS. Text messages push victims to click malicious links or reply with personal details.
Pretexting: The attacker invents a plausible scenario or identity (a new employee, an auditor, an IT technician) that justifies asking for sensitive information or access.
Baiting: Tempting offers, such as free downloads or a USB drive left where someone will find it, that lure victims into running malware or disclosing information.
Tailgating: Physically following an authorised person through a controlled door into a restricted area without presenting credentials.
Quid Pro Quo: Offering something in return for information or access, for example "free IT support" in exchange for the victim's password.
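Several of the lures above (phishing, spear phishing, whaling, smishing) share the same technical tells: a sender domain that imitates a trusted one, a link whose visible text does not match where it really points, and pressure language. The following is an added example, not code from the original page, that checks a constructed email for those three indicators. TRUSTED_DOMAINS, URGENCY_PHRASES, the 0.8 similarity threshold and both sample messages are assumptions made for the demo; the body is assumed to be a single non-multipart HTML part.

```python
"""Added example (not from the original page): flag common phishing
indicators in an email. Checks a look-alike sender domain, a link whose
visible text and href disagree, and pressure language. All constants and
sample messages below are constructed for the demo."""
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
import re
from urllib.parse import urlparse

# Constructed: domains this organisation trusts (tuple keeps iteration order stable).
TRUSTED_DOMAINS = ("example-bank.com", "example.com")
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours", "suspended",
                   "verify your account")
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs plus all visible text from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._anchor = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href"), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._anchor).strip(), self._href))
            self._href = None


def host_of(url):
    """Hostname of a URL; bare domains get a scheme so urlparse sees a host."""
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).hostname or ""


def registered_domain(host):
    """Crude eTLD+1 (last two labels). Fine for .com-style demo data; a public
    suffix list is needed for ccSLDs such as .co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_of(domain, trusted=TRUSTED_DOMAINS, threshold=0.8):
    """Trusted domain that `domain` most resembles without being equal to, or None.
    An exact match is legitimate; a near miss (e.g. '1' for 'l') is the signal."""
    if not domain or domain in trusted:
        return None
    best = max(trusted, key=lambda t: SequenceMatcher(None, domain, t).ratio())
    return best if SequenceMatcher(None, domain, best).ratio() >= threshold else None


def phishing_indicators(raw_message):
    """Return human-readable indicators found in an RFC 5322 message string."""
    msg = message_from_string(raw_message)
    findings = []
    # 1. Sender domain imitating a trusted brand
    _, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2])
    imitated = lookalike_of(sender)
    if imitated:
        findings.append(f"sender domain {sender} imitates {imitated}")
    # Demo assumption: the body is one text/html part, not multipart.
    parser = LinkExtractor()
    parser.feed(msg.get_payload())
    parser.close()
    # 2. Visible link text vs. real destination, and look-alike destinations
    for shown_text, href in parser.links:
        target = registered_domain(host_of(href))
        if not target:
            continue
        if URL_LIKE.match(shown_text):
            shown = registered_domain(host_of(shown_text))
            if shown != target:
                findings.append(f"link text shows {shown} but points to {target}")
        imitated = lookalike_of(target)
        if imitated:
            findings.append(f"link destination {target} imitates {imitated}")
    # 3. Pressure language in the subject or body
    haystack = (msg.get("Subject", "") + " " + "".join(parser.text)).lower()
    hits = [p for p in URGENCY_PHRASES if p in haystack]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


# Constructed lure: '1' for 'l' in the sender, mismatched link, pressure wording.
PHISH = """\
From: "Example Bank Security" <alerts@examp1e-bank.com>
To: victim@example.com
Subject: Urgent: verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account will be suspended unless you verify your account within 24 hours.</p>
<p>Sign in at <a href="http://login.examp1e-bank.com/verify">https://example-bank.com/login</a></p>
</body></html>
"""
# Constructed legitimate notice from the real domain, for comparison.
BENIGN = """\
From: "Example Bank" <alerts@example-bank.com>
To: customer@example.com
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your statement is available in online banking.</p>
<p>Sign in at <a href="https://example-bank.com/login">https://example-bank.com/login</a></p>
</body></html>
"""
```

Run `phishing_indicators(PHISH)` and it reports all three indicator classes (four findings, since the look-alike domain appears both as sender and as link target); `phishing_indicators(BENIGN)` returns an empty list. The similarity check is deliberately simple: a production filter would also compare against the display name, use a public suffix list, and weight the indicators rather than treating each as a flat finding.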
A payload is the part of malware or an attack that performs the malicious action once it has been delivered. It is the "damage-causing" component, as distinct from the delivery mechanism that gets it onto the victim's machine.
Example: In a malicious email, the phishing message is the delivery mechanism, while the ransomware hidden in its attachment is the payload. Defenders benefit from the distinction because the two stages can be blocked independently: mail filtering stops the delivery, endpoint controls stop the payload.
Ransomware: Encrypts the victim's data and demands a ransom for the decryption key; many variants also steal copies and threaten to publish them.
Spyware: Covertly monitors the victim and steals sensitive data such as credentials, browsing activity, and documents, sending it to the attacker.
Keylogger: Records every keystroke (passwords included) and sends the log to the attacker.
Backdoor: Creates a hidden, unauthorised entry point so the attacker can regain access at any time, even after the original vulnerability has been patched.
Botnet (bot): Turns the infected device into a "bot" that the attacker controls remotely through a command-and-control channel. Used for distributed denial-of-service attacks, spam campaigns, and credential-stuffing at scale.
Downloader: A small first-stage payload that fetches and installs additional malware from the internet after the initial infection.
Rootkit: Conceals the malware's files, processes, and network connections from the operating system and security tools. It typically runs with administrative (root) or kernel privileges, which it needs in order to hide effectively.
Data Exfiltration: Collects sensitive files and transfers them to the attacker, often disguised as normal traffic so the transfer goes unnoticed.
Destructive: Designed to damage or destroy data rather than steal it. Examples include wipers that overwrite disks and logic bombs that trigger on a date or event.
Adware: Shows intrusive advertisements or redirects users to malicious websites.
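The exfiltration payload described above is the one most often caught by looking at network telemetry rather than at the file itself: the tell is an internal host uploading far more than usual to a destination the organisation does not sanction, sometimes in small chunks to stay under per-request limits. The following is an added example, not code from the original page, that sums client-sent bytes per (source host, destination domain) over constructed web-proxy log lines and alerts on unsanctioned destinations above a threshold. The log field layout, the allow-list, the 10 MiB threshold and the sample lines are assumptions for the demo; real proxies log different fields, so parse_line() would need adapting.

```python
"""Added example (not from the original page): detect data-exfiltration
behaviour in web-proxy logs by summing upload bytes per (host, domain).
The log format, allow-list, threshold and sample lines are constructed."""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: fields are time, client IP, method, URL, client bytes, status.
# One workstation uploads ~12 MiB to a file-sharing site in three chunks, another
# posts 50 MiB to a paste site, a third uses the sanctioned mail service.
SAMPLE_LOG = """\
2024-03-04T09:00:01Z 10.1.2.15 POST https://files.example.net/upload 2048 200
2024-03-04T09:00:05Z 10.1.2.15 GET https://www.example.com/ 512 200
2024-03-04T09:01:10Z 10.1.2.15 POST https://files.example.net/upload 4194304 200
2024-03-04T09:02:30Z 10.1.2.15 PUT https://files.example.net/upload 8388608 201
2024-03-04T09:05:00Z 10.1.2.16 POST https://mail.example.com/send 120000 200
2024-03-04T09:06:00Z 10.1.2.16 GET https://www.example.com/ 300 200
2024-03-04T09:07:00Z 10.1.2.17 POST https://paste.example.org/api 52428800 200
"""

ALLOWED_UPLOAD_DOMAINS = {"example.com"}   # constructed: sanctioned SaaS domains
UPLOAD_THRESHOLD_BYTES = 10 * 1024 * 1024  # constructed: 10 MiB per (host, domain)
UPLOAD_METHODS = {"POST", "PUT"}           # requests that carry a client body


def registered_domain(host):
    """Crude eTLD+1 (last two labels); use a public suffix list in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def parse_line(line):
    """Parse one constructed proxy log line into a dict."""
    ts, src, method, url, sent, status = line.split()
    return {"ts": ts, "src": src, "method": method,
            "dst": registered_domain(urlparse(url).hostname or ""),
            "sent": int(sent), "status": int(status)}


def outbound_by_pair(log_text):
    """Sum client-sent bytes per (source IP, destination domain) for upload methods."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["method"] in UPLOAD_METHODS:
            totals[(rec["src"], rec["dst"])] += rec["sent"]
    return dict(totals)


def exfiltration_alerts(log_text, threshold=UPLOAD_THRESHOLD_BYTES,
                        allowed=ALLOWED_UPLOAD_DOMAINS):
    """Alert on hosts that upload at least `threshold` bytes to an unsanctioned domain.
    Chunked uploads are caught because bytes are summed, not judged per request."""
    alerts = []
    for (src, dst), sent in sorted(outbound_by_pair(log_text).items()):
        if dst not in allowed and sent >= threshold:
            alerts.append({"src": src, "dst": dst, "bytes_out": sent})
    return alerts


if __name__ == "__main__":
    for a in exfiltration_alerts(SAMPLE_LOG):
        print(f"{a['src']} sent {a['bytes_out']:,} bytes to {a['dst']}")
```

On the sample, 10.1.2.15 is flagged even though no single request exceeded the threshold, and 10.1.2.17 is flagged for one large post; 10.1.2.16 is not, because its destination is on the allow-list. In practice the threshold should be a per-host baseline rather than a fixed constant, and the same aggregation is worth running on DNS query volume, since exfiltration over DNS never appears in proxy logs at all.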
| Social Engineering Attack | Description |
|---|---|
| Phishing | Fake emails/messages to steal data |
| Spear Phishing | Targeted phishing attack |
| Whaling | Targets high-level executives |
| Vishing | Voice-based scam |
| Smishing | SMS-based phishing |
| Pretexting | Fake identity/scenario to steal data |
| Baiting | Free or tempting lures containing malware |
| Tailgating | Entering secure area by following someone |
| Quid Pro Quo | Offering something in exchange for info |
| Payload Type | Purpose |
|---|---|
| Ransomware | Encrypts data for ransom |
| Spyware | Steals information |
| Keylogger | Records keystrokes |
| Backdoor | Provides secret access |
| Botnet | Controls device remotely |
| Downloader | Installs more malware |
| Rootkit | Hides malicious activities |
| Data Exfiltration | Steals sensitive files |
| Destructive | Damages or deletes data |
| Adware | Displays unwanted ads |
Social engineering attacks exploit human trust, while payloads are the technical components that cause harm after an attack succeeds. Together, they form a powerful combination used by cybercriminals to infiltrate systems and steal or damage valuable information.