Social Engineering

Social Engineering is an act of stealing
information from humans. As it does not have
any interaction with target system or network,
it is considered as a non-technical attack, Social
Engineering is considered as the art of
convincing the target to reveal information. It
may be physically one-to-one interaction with
the target or convincing the target on any
platform such as social media. It is a popular
platform for social engineering. This is the fact
that people are careless, or unaware of the
importance of the valuable information they
possess.

Relevance of Social Engineering

One of the major vulnerability which leads to
this type of attack is “Trust”. The user trusts
another user and does not secure their
credentials from them. This may lead to an
attack by the user, to the second person may
reveal the information to the third one.

Types of Social Engineering

• Human Based SE
  1.Impersonation
  2.Eavesdropping
  3.Shoulder Surfing
• Computer Based SE
  1. Phishing
• Mobile Based SE
  1.Publishing malicious apps
  2.Repackaging legitimate apps

Doppelganger Domain

A Doppelganger domain is nothing but an identical
website or an email ID. It’s a Kind of Attack Vector called
“Typosquatting ”

Eg:

If someone’s email address is * user@finance. company.com” the
doppelganger domain would b‘user@financecompany.com”