This document discusses four methods of social engineering attacks: piggybacking, phishing, impersonating a delivery person, and impersonating tech support. For each method, it provides an example and explains how the attack works and how attackers are able to obtain data through each method. Piggybacking involves following someone into a secured building. Phishing involves sending fraudulent emails to trick people into providing personal information. Impersonating delivery people or tech support allows attackers to gain physical access to computers in order to steal data directly. All of these methods exploit human trust and lack of caution.

1.
C3­ Ethical Issues
​Devlin Ceretti, Jenny Duong, Steven Lam
Tuesday, May 10, 2016
Piggybacking Phishing Delivery Person Tech Support
What is it/example? ​A way for a
person to gain
access to a
secured building
even if it has
smart­card passes
or biometrics.
Example:
When an
employee of the
company allow
individuals into a
secured door by
holding it open for
them because the
individual appears
to still be
searching for their
pass.
The practice of
sending emails
appearing to be
from a reputable
sources with the
goal of
influencing or
gain personal
information.
Several different
forms of attacks
that are
commonly used
via phishing.
People that
impersonate a
delivery person or
someone delivering
a package. They do
this in order to gain
access into a
building then just
use a USB to take
data straight from a
computer.
Example:
In 2007, a person
posed as a delivery
person, and robbed
Ernest Rady, a
billionaire who lives
in San Diego. The
person knocked at
the door claiming to
be a delivery
person, and
Ernest’s wife
opened the door for
him.
A person who uses
social engineering
to impersonate a
tech support worker.
Example:
A person that is
impersonating a
tech support worker
goes into
someone's house
and compromises
their computers
data through a USB
or just through
physically looking
through the
computer
Why it works? It works because it
is very easy for
the individual to
scam the
employee, the
individual could
dress up as an
employee working
there since the
company is a big
business, not
everyone know
who works there
or not so the
individual could
The attack
appears as
someone/somet
hing that they
are not, and lies
to users as if
they are selling
products.
People that order
something like a
pizza will assume
the person is just
gonna give you
what you order and
will usually not even
think or notice they
got anywhere close
to your computer
People don't think
twice when they
request a tech
support worker they
can just let
themselves into
someone's
computer. Most
people don’t
properly protect
their files so they
can be taken easily
with access to the
physical PC

2. easily pretend
they work there.
How do they get data? They get data by
going into the
company and
going through the
files or hacking the
computer system.
People check
their emails
without caution
and are usually
tricked into
clicking a link to
an illegitimate
website which
fools an
individual into
handing over
personal
information.
By gaining access
into a building and
planting a USB or
some other type of
data storing device
onto somebodys
computer and
stealing the data.
Through going into
somebodys
computer physically
or they can also get
information through
a phone call by
finding a person
requiring tech
support and then
walking them
through “fixing their
problem”