Social engineering attacks are email attacks that target user behavior. Some of these attacks may be sophisticated and use detailed information about you and your organization to trick you into clicking on links, images, or buttons that cause malicious software to be downloaded to your device or sharing sensitive information about yourself.
There are several forms of social engineering attacks:
Boss scam. The Boss Scam is a cyber-attack in which fraudsters impersonate a top executive to target employees and trick them into buying gift cards, transferring money etc
Baiting. Baiting attacks are specifically designed to pique your interest. They may be political, outrageous, or promotional in nature.
Scareware. Scareware attacks are designed to induce immediate panic. Malware warnings, password compromised warnings, bank account warnings, paid accounts (e.g., Netflix, Amazon, Microsoft, telephone) warnings are all scareware.
Pretexting. Pretexting attacks use a series of emails to gain trust or access with the eventual goal that you click on a link.
Spear-Phishing. In a spear-phishing attack an attacker will use information about you or your organization to target you. They’ve researched your organization, possibly hacked somebody’s calendar or contact list, studied your public facing website, and systematically impersonate someone to get an approval for a check or bank transfer, access documents on a server or your email account, or get personal account information or install malware by clicking on a link.
