Social Engineering

Social Engineering

Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing, spear phishing, and CEO Fraud are all examples.

Awesome Social Engineering

Social Engineering Tactics

📌 Categories of Social Engineering

  • Psychological Manipulation 🧠

  • Building Trust & Rapport 🤝

  • Elicitation Techniques 🎯

  • Impersonation & Pretexting 🎭

  • Persuasion Tactics 🏆

  • Digital Social Engineering 🌐

  • Physical Social Engineering 🏢

  • Advanced Social Engineering 🚨

🧠 Psychological Manipulation Tactics

  1. Reciprocity Pressure – "Here’s a free sample, now could you buy something?"

  2. Authority Influence – "The CEO asked me to collect this data from you."

  3. Social Proof Manipulation – "Everyone else has done it—why not you?"

  4. Scarcity Effect – "Only 2 spots left! Hurry!"

  5. Commitment & Consistency – "You signed up for a free trial, why not the full plan?"

  6. Urgency Triggers – "Act now before it’s too late!"

  7. Fear-Based Persuasion – "If you don’t update now, you’ll lose your account."

  8. Guilt-Inducing Requests – "I helped you before, can’t you return the favor?"

  9. Exploiting Sympathy – "I lost my wallet, can you lend me money?"

  10. False Sense of Obligation – "You’re my best friend; I know you’ll help me out."

🤝 Building Trust & Rapport

  1. Mirroring & Matching – Copying someone’s gestures to seem relatable.

  2. Compliment-Based Influence – "You’re amazing at this! Can you help me?"

  3. Artificial Common Interests – "Oh, you love photography too? So do I!"

  4. Using Humor to Disarm – Joking before making a request.

  5. Strategic Name-Dropping – "John said you’re the best person to ask."

  6. Fake Shared Experiences – "I remember you from that event last year!"

  7. Using Authority Figures – "Your boss recommended I reach out."

  8. Selective Vulnerability – "I’m new here, could you guide me?"

  9. Forced Familiarity – Acting as if you already know someone.

  10. Using Social Media Info – "I loved your recent post on LinkedIn!"

🎯 Elicitation Techniques

  1. Open-Ended Questioning – "How do you handle password resets?"

  2. False Confession Baiting – "I already know, but I need confirmation."

  3. Strategic Pauses – Staying silent to make the other person talk.

  4. Flattery for Disclosure – "You know so much about this, tell me more!"

  5. Fake Confidentiality – "Just between us, how does your system work?"

  6. Reverse Psychology – "You probably don’t have access to this, right?"

  7. Implying False Info – "Your office is on the 3rd floor, right?"

  8. Playing Dumb – "I don’t understand, can you explain in detail?"

  9. Fake Surveys for Data – "Take our quick security survey for a reward!"

  10. Gossiping to Extract Info – "I heard something about a new project… do you know anything?"

🎭 Impersonation & Pretexting

  1. Posing as IT Support – "We need your login details to fix an issue."

  2. Pretending to Be Lost – "Hey, do you work here? Can you show me around?"

  3. Impersonating an Authority – "I’m from corporate security; I need access."

  4. Calling as a “New Employee” – "Hey, I’m new. What’s the WiFi password?"

  5. Acting as a Delivery Person – "I have a package for the manager—can I drop it off inside?"

  6. Fake Job Offers – "We’d like to hire you; just send us your ID and bank details."

  7. Acting as a Journalist – "I’m writing an article—can you share internal details?"

  8. Fake Emergency Situations – "Your account is compromised! Confirm details now."

  9. Pretending to Be an Old Friend – "Hey, remember me from high school?"

  10. Fake Customer Complaints – "I need my order details; can you verify my account info?"

🌐 Digital Social Engineering

  1. Fake Phishing Emails – "Your password is expiring, reset now!"

  2. Social Media Manipulation – Pretending to be someone else online.

  3. Fake Online Contests – "Win a prize! Enter your details."

  4. Creating False LinkedIn Job Offers – "We have an open position; send us your CV."

  5. Fake Friend Requests – Adding someone to gain personal details.

🏢 Physical Social Engineering

  1. Tailgating into Secure Locations – Following someone through a door.

  2. Dumpster Diving for Data – Looking through trash for useful info.

  3. Shoulder Surfing for Passwords – Watching someone type their password.

  4. Posing as Maintenance Staff – "I need to fix the WiFi in your office."

  5. Using Fake IDs for Entry – Showing a fake badge to enter.

🚨 Advanced Social Engineering

  1. Fake Police or Government Calls – "This is the IRS. We need your details."

  2. Fake HR Emails – "Update your employee records here."

  3. Fake LinkedIn Recruiter Messages – "We have a job opening for you!"

  4. Fake Bank Calls – "We detected suspicious activity—verify your info."

  5. Fake Social Media Giveaways – "You’ve won! Enter your details here."

🛡️ How to Defend Against Social Engineering

  • Always verify identities before sharing information.

  • Be skeptical of urgent or emotionally charged requests.

  • Use multi-factor authentication (MFA) to protect accounts.

  • Limit social media sharing of personal details.

  • Train employees & teams on security awareness.

PreviousRed TeamNextThe Art Of Hiding In Windows

Last updated