In human-based social engineering, the attacker pretends to be someone with authority or a legitimate need. The attacker may pose as an ordinary end user, providing a false identity and asking for confidential information, or may pretend to be an important user in the organization, such as a director or senior member of staff, and request a password change on the victim's user account. One of the easiest forms of impersonation, and one that usually earns a user's trust quickly, is posing as technical support: imagine an attacker calling an employee while claiming to be an IT technician and asking the employee to hand over their user account details. End users are often unaware of human-based threats and will readily trust someone who claims to be technical support. A genuine IT department never needs a user's password, so any request for it is itself a warning sign, and the standard defence is to hang up and call the helpdesk back on a known, published number.
In the following sections, we will take a deep dive into the various types of human-based social engineering techniques, including the following:
- Eavesdropping
- Shoulder surfing
- Dumpster diving
Let's begin with eavesdropping.