Phishing
No two phishing emails are the same. There are at least six different sub-categories of phishing attacks.
Pretexting
Pretexting is another form of social engineering where attackers focus on creating a pretext, or a fabricated scenario, in order to steal someone's information. In these types of attacks, the scammer usually impersonates a trusted entity/individual and says they need certain details from a user to confirm their identity. If the victim complies, the attackers commit identity theft or use the data to conduct other malicious activities.
Baiting
Baiting is very similar to phishing. The difference is that baiting uses the promise of an item or good to entice victims. For example, baiting attacks may offer free music or movie downloads to trick users into handing over their login credentials.
Quid Pro Quo
Quid pro quo attacks promise something in exchange for information. This benefit usually takes the form of a service. Earlier attacks have shown that office workers are more than willing to give away their passwords for a cheap pen or even a bar of chocolate.
Tailgating
Our final social engineering attack type is known as “tailgating.” An example is when someone without the proper authentication follows an authenticated employee into a restricted area. The attacker might impersonate a delivery driver and wait outside a building to get things started. When an employee gains security’s approval and opens the door, the attacker asks the employee to hold the door, thereby gaining access to the building.
Social Engineering Recommendations
Organizations must help their employees counter these types of attacks. You can do so by incorporating the following tips into your security awareness training programs.