Types of social engineering
While social engineering focuses on psychologically hacking the human mind, there are various types of social engineering attacks, such as traditional human-based, computer-based, and even mobile-based attacks. During this section, you will discover the fundamentals and characteristics of each type of social engineering attack.
Human-based
In human-based social engineering, the threat actor or penetration tester usually pretends to be someone with authority, such as a person who is important within the organization. This means the threat actor can attempt to impersonate a director or senior member of staff and request a password change on the victim's user account. An easy form of impersonation that usually gets a user to trust you quickly is posing as technical support. Imagine calling an employee while you're pretending to be an IT person from the organization's helpdesk team and requesting the user to provide their user account details...