Social engineering attacks
Social engineering attacks rely on someone's personality as they try to exploit them. There are various social engineering attacks; let's look at each of them and the principles of why they are effective:
- Phishing and spear phishing: Phishing attacks are done by emailing someone who tells you that your account is going to expire so you need to complete the attached form. They ask you for all of your personal details that could be later used for identity fraud. The email looks as if it has come from a legitimate body, so the user is fooled into carrying out the required instructions:

Figure 2: Phishing attack
- Whaling: A whaling attack targets either a chief executive officer or a high-level executive. CEOs and high-level executives have intense days, so what looks like a minor request they action quickly so that they can get their next task done and end up being attacked.
- Vishing: A vishing attack uses a VOIP phone, another telephone, or someone leaves a voicemail to...