Telephone Interactions

In a telephone social engineering attack, the hacker contacts the victim pretending to be someone else, such as a service technician or fellow employee, and attempts to gather information that may seem innocuous to the victim.


Face-to-Face Interactions

Social engineers may try to collect information about their victims at trade shows or conferences related to the victims’ line of work, personal interest, or hobby.

Typically, the social engineer will wander about the event striking up conversations with potential victims. The event gives them a common interest with which to break the ice. They may also go as far as setting up a display or booth to collect information under the pretense of offering a solution or a product related to the event.


Email/Web Interactions

Social engineering can also be conducted in writing via email, postal mail, survey, or other form of written contact with users of a system. Remember:

  • Be suspicious of anyone requesting information, especially by phone, Web, or email, and always verify the identity of the person or organization making the request.
  • Before entering personal information online, verify that the URL starts with https:// and that you see a closed padlock icon in your browser (often found in the lower right-hand corner of your screen).
  • Contact the organization by telephone if there is any doubt as to the authenticity of an email or Web site.
  • Contact security if anyone requests your work password(s).