
Network+ Exam

Social Engineering Attacks

October 29, 2025

  • #network+

Social Engineering Attacks

Any attempt to manipulate users into revealing confidential information or performing actions detrimental to a system's security.

In most networks the weakest link is end users and employees.

Phishing - sending an email to get a user to click a link. Many people fall for phishing attempts (60-70%).

Red flags: bad grammar, poor spelling.

Phishing - sending out emails to capture the most people; it doesn't really target any particular group.

Spear phishing - more targeted, looking for specific targets. Normally based on a data breach.

Whaling - spear phishing high-value targets.

Tailgating - entering a secure portion of the building by following an authorized person into it.

Always train employees to pull the door shut behind them.

Piggybacking - similar to tailgating but done with the other person's consent. Two people enter on one swipe.

Shoulder surfing - coming up behind an employee to gain user credentials: looking at their hands while they type, seeing information you are not meant to see. Ears can also be used, for eavesdropping.

Dumpster diving - scavenging for personal or confidential information in garbage or recycling containers. Attackers look for clues in the trash: phone lists, bills, emails, any information. Shred data before throwing it away or use a locked trashcan.

Social Engineering Attacks

Concept

  • Manipulating users into revealing information or performing unsafe actions.
  • Weakest link = people (end users, employees).

Common Types

  • Phishing
    • Mass emails with malicious links/attachments.
    • Poor spelling, grammar, urgency are common red flags.
    • ~60–70% of users may fall for phishing attempts.
  • Spear Phishing
    • Targeted phishing aimed at specific individuals or groups.
    • Often based on data from previous breaches.
  • Whaling
    • A form of spear phishing targeting high-value individuals (executives, C-suite).
  • Tailgating
    • Attacker follows an authorized person into a secure area without permission.
    • Defense: Train employees not to hold doors open.
  • Piggybacking
    • Similar to tailgating, but the authorized person knowingly allows another person in (sharing swipe access).
  • Shoulder Surfing
    • Attacker physically observes credentials or data (looking over shoulder, listening nearby).
  • Dumpster Diving
    • Searching trash/recycling for sensitive data (phone lists, bills, emails).
    • Defense: Shred sensitive documents, use locked disposal bins.

Mitigation

  • Employee training & awareness.
  • 2FA (so stolen passwords aren’t enough).
  • Policies: Don’t allow tailgating, shred documents, verify emails.
  • Technical: Email filters, anti-malware, DLP solutions.
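As an added example (not part of these notes), here is a small Python scorer that turns the phishing red flags listed above (urgency, poor spelling, links whose visible text does not match their real destination, a Reply-To that differs from the sender) into checks of the kind an email filter runs. The phrase lists, weights, threshold and sample messages are constructed for illustration; none of the addresses or domains are real.

```python
"""Toy phishing red-flag scorer (added example; not from the original notes).

Assumptions: the indicator lists, weights and threshold below are
constructed for illustration, not tuned production filter rules.
"""
import re
from urllib.parse import urlparse

# Constructed indicator lists (real filters use far larger, tuned lists).
URGENCY_PHRASES = ("urgent", "immediately", "account suspended", "act now", "within 24 hours")
MISSPELLINGS = ("recieve", "acount", "securty", "informaton", "confidental")

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
DOMAIN_LIKE_RE = re.compile(r'(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})', re.IGNORECASE)


def address_domain(header_value: str) -> str:
    """Lowercase domain of a header like 'IT Support <it@corp.example>' or 'it@corp.example'."""
    m = re.search(r'<([^>]+)>', header_value)
    addr = m.group(1) if m else header_value
    return addr.strip().lower().rsplit("@", 1)[-1]


def mismatched_links(html_body: str) -> list:
    """Anchors whose visible text shows one domain while the href points to another."""
    found = []
    for href, text in ANCHOR_RE.findall(html_body):
        href_host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_LIKE_RE.search(re.sub(r"<[^>]+>", "", text))
        if shown and href_host and shown.group(1).lower() != href_host:
            found.append((shown.group(1).lower(), href_host))
    return found


def score_message(msg: dict) -> dict:
    """Score one message: which checks fired, their summed weight, and a verdict."""
    reasons = []
    text = (msg.get("subject", "") + " " + msg.get("body", "")).lower()

    urgency = [p for p in URGENCY_PHRASES if p in text]
    if urgency:
        reasons.append(("urgency", 2, urgency))

    typos = [w for w in MISSPELLINGS if re.search(rf"\b{w}\b", text)]
    if typos:
        reasons.append(("spelling", 1, typos))

    links = mismatched_links(msg.get("body", ""))
    if links:
        reasons.append(("link_mismatch", 3, links))

    if "reply-to" in msg and address_domain(msg["reply-to"]) != address_domain(msg["from"]):
        reasons.append(("reply_to_mismatch", 2, [address_domain(msg["reply-to"])]))

    total = sum(weight for _, weight, _ in reasons)
    return {"score": total, "reasons": reasons, "suspicious": total >= 3}


# Constructed sample messages; the addresses and domains are placeholders.
SAMPLES = {
    "phish": {
        "from": "Payroll Team <payroll@corp-payroll-notice.example>",
        "reply-to": "collect@mail-drop.example",
        "subject": "URGENT: acount suspended",
        "body": 'Your acount will be suspended within 24 hours. Verify here: '
                '<a href="http://login-verify.example/x">https://hr.corp.example</a>',
    },
    "legit": {
        "from": "HR <hr@corp.example>",
        "subject": "Benefits enrollment opens Monday",
        "body": 'Details are on the intranet: <a href="https://hr.corp.example/benefits">'
                'https://hr.corp.example/benefits</a>',
    },
}


def scan_all(samples: dict = SAMPLES) -> dict:
    """Run the scorer over every sample and return name -> result."""
    return {name: score_message(msg) for name, msg in samples.items()}


if __name__ == "__main__":
    for name, result in scan_all().items():
        print(f"{name}: score={result['score']} suspicious={result['suspicious']}")
        for check, weight, evidence in result["reasons"]:
            print(f"  {check} (+{weight}): {evidence}")
```

Each fired check is reported with its evidence rather than just a verdict, which is what an analyst needs when triaging a user report. The link-mismatch check carries the highest weight on purpose: a typo or urgent wording also appears in genuine mail, but a visible URL that differs from the real destination is rarely legitimate.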

Exam Must-Knows

  • Phishing = broad, mass emails.
  • Spear phishing = targeted.
  • Whaling = executive target.
  • Tailgating = sneaking in. Piggybacking = let in.
  • Shoulder surfing & dumpster diving = physical methods.

⚡Memory Trick:

“PSW-TPSD” = Phish, Spear, Whaling – Tailgate, Piggyback, Shoulder, Dumpster.

LinkedIn is a good one.