10 Forms of Social Engineering

The weakest link in Cybersecurity is the user. Social Engineering is when a criminal manipulates users into performing actions that let the criminal take sensitive information. This is a concern because of the amount of power that information now carries in the Digital Age.

Here are 10 Forms of Social Engineering. 

1. Whaling 

The main target of a Whaling Attack tends to be a high-value individual. These attacks are specifically built to maximise the chance of success. Whaling carries similar benefits to Spear Phishing: customising the bait to a particular user makes it more likely to be believed than a trap crafted for a larger population.


2. Prepending

You might encounter prepending, where text is added as a prefix. An attacker can simply supply some text at the beginning, aiming to get someone to perform an action. Think of an Email Title with prepended text that says 'Vice-Chancellor Updates'. For some entities, adding such text might contribute to making the composed message appear more normal than it is, thus making a user more likely to believe that the sent email is authorised.

3. Identity fraud

This social engineering attack occurs when an attacker uses a different person’s identity to commit a crime.

4. Invoice scams

An invoice is a document that defines transactions. Sometimes we might find ourselves reading an Invoice Scam. 

5. Credential harvesting

Login Information can be compromised. Credential harvesting places the emphasis on taking this information through a data breach.


6. Reconnaissance

A type of attack whose name is derived from the military term used to describe the actions of surveying a battlefield to gain information prior to hostilities. In the field of Cybersecurity, the concept is the same: an adversary will examine the systems they intend to attack, using a wide range of methods.


7. Hoax

At first glance, it might seem that a hoax related to security would be considered a nuisance and not a real security issue. This might be the case for some hoaxes, especially those of the urban legend type, but the reality of the situation is that a hoax can be very damaging if it causes users to take some sort of action that weakens security.


8. Impersonation

A common social engineering technique that can be employed in many ways. It can occur in person, over a phone, or online. In the case of an impersonation attack, the attacker assumes a role that is recognised by the person being attacked, and in assuming that role, the attacker uses the potential victim's biases against their better judgement to follow procedures.

9. Watering hole attack

Involves infecting a target website with malware. In some of the cases detected, the infection was constrained to a specific geographical area.

10. Typo squatting

An attack form that involves capitalising upon common typographical errors. If a user mistypes a URL, then the result should be a 404 error, or "resource not found". But if an attacker has registered the mistyped URL, then the user would land on the attacker's page.


There are many more types of Social Engineering Attacks, but hopefully this list provides an important message. Cybersecurity is not a product that can be purchased but rather a practice. There will always be risks; the goal is simply to mitigate them.

Written by Regi Medina, ICT Professional

