Social Engineering Attacks
Social engineering attacks were discussed as a topic in Module 2 of this class, ‘Pervasive attack surfaces and controls’. The main points of this topic are understanding what exactly social engineering is and what the various types of social engineering attacks are.
Through the course content, including the book, the PowerPoint slides, our class with Dr. Cooper, and the module information, I’ve grasped that social engineering is what somebody (or something) is doing when they try to get information from someone else, or try to get that person to do something that could weaken the security of a system. Weakening the security of the system can lead to the same result: obtaining information. Most social engineering is done by tricking the person into giving up the information, or into doing something that provides access to the person or thing doing the social engineering. This could take the form of pretending to be someone else or claiming to have a legitimate reason, or it could simply be a trick to get them to click on something or download a file. This leads us into the various types of attacks and the defenses available to stave them off.
Phishing is one of the most common. It is essentially impersonating something or someone else via e-mail in order to get someone to divulge information that they otherwise wouldn’t if they knew who they were really dealing with. The various forms of phishing include:
– Vishing – using phone calls to request information
– Smishing – using texts to request information or send malicious links
– Whaling – usually more sophisticated, targeting higher-profile people such as CEOs
– Spear phishing – targets specific persons or groups
Other types of social engineering attacks include:
Impersonating – this can be done via phishing but could also be done in person; basically, pretending to be someone you’re not. Social media is another place this happens, given how easy it is to make fake profiles of people.
Redirection – getting somebody to go to a site that looks almost exactly like the ‘real’ site. This is usually done with a slight variation in the URL itself so that people are less likely to realize the site is fake.
Misinformation – this is simply information that is either false or misleading.
Disinformation – this is false information that is spread with the intent to deceive someone, often to get them to do something they wouldn’t do if they had truthful information.
Malinformation – not mentioned in the course from what I saw, but I found it while reading further into these topics. It is essentially information that is true but is presented in a way that misleads and causes potential harm (Canadian Centre for Cyber Security, 2024).
Watering hole – This is where a website contains malware and infects those who visit it. The social engineering aspect comes from leading people to the site.
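As an added example (not part of the course material or this ePortfolio), the Python script below shows one way a defender might catch the kind of “slight variation in the URL” described under Redirection above: it compares the registrable part of a URL’s hostname against a list of trusted domains and flags near-misses such as one-character typos, confusable-character swaps (0 for o, 1 for l), a brand name embedded in a different domain, a brand name used as a subdomain of an unrelated domain, and punycode (internationalized) hostnames. The trusted-domain list, the confusable table and the sample URLs are all constructed assumptions, and the “last two labels” rule for the registrable domain is a simplification (a real tool would consult the public suffix list).

```python
"""Flag URLs whose hostname imitates a trusted domain (lookalike check).

Added example, not code from the course or the ePortfolio. The trusted
domains, confusable table and sample URLs below are constructed.
"""
from urllib.parse import urlparse

# Constructed assumption: the domains this organisation actually uses.
KNOWN_DOMAINS = ["example.com", "paypal.com", "microsoft.com"]

# Character swaps that look similar in many fonts (constructed, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance: number of single-character inserts/deletes/substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(hostname: str) -> str:
    """Last two labels, e.g. 'login.paypal.com' -> 'paypal.com'.
    Simplification: a real tool uses the public suffix list (co.uk etc.)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalize_confusables(label: str) -> str:
    """Undo common look-alike substitutions so 'paypa1' compares as 'paypal'."""
    out = label
    for fake, real in CONFUSABLES.items():
        out = out.replace(fake, real)
    return out


def classify_url(url: str, known=KNOWN_DOMAINS) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a URL."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    labels = host.split(".")
    # Punycode label: an internationalized name that may render as a homoglyph.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    reg = registrable_domain(host)
    if reg in known:
        return "legitimate"
    name = reg.split(".")[0]
    for k in known:
        kname = k.split(".")[0]
        # Brand used as a subdomain of some other domain: paypal.com.evil.net
        if kname in labels[:-2]:
            return "lookalike"
        # Brand embedded in a different registrable domain: paypal-secure.com
        if kname in name and name != kname:
            return "lookalike"
        # Small typo or confusable-character swap: paypai.com, paypa1.com
        if levenshtein(name, kname) <= 2 or normalize_confusables(name) == kname:
            return "lookalike"
    return "unrelated"


def scan(urls):
    """Classify each URL; returns a dict of url -> verdict."""
    return {u: classify_url(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample links of the kind that might appear in an e-mail.
    samples = [
        "https://login.paypal.com/signin",
        "https://paypa1.com/login",
        "http://paypal-secure.com",
        "http://paypal.com.evil.net/login",
        "http://xn--pypal-4ve.com",
        "https://github.com",
    ]
    for url, verdict in scan(samples).items():
        print(f"{verdict:10s} {url}")
```

The check is deliberately conservative in one direction only: anything that merely resembles a trusted name is reported as a lookalike for a human to review, while a hostname that matches a trusted registrable domain exactly is the only thing reported as legitimate.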
While doing some deeper dives into the different types of social engineering attacks, I came across this chart showing the prevalence of the social engineering attacks that make up ransomware infections (Bonnie, 2025). Most, if not all, of these delivery methods can be traced back to, or lead to, a type of social engineering attack.

One of the assignments related to this topic was looking at the different database breaches listed at https://oag.ca.gov/privacy/databreach/list. I found this very interesting, as I didn’t realize all of that information was at our fingertips until this assignment showed us.
While putting together this ePortfolio I revisited the site and noticed there was a recent entry for Discord dated 11/26/2025, which might explain why I’ve had to keep logging in to Discord multiple times per evening over the past few days. Before this weekend I had barely ever had to put the password in; it just stayed logged in. I guess I’ll be changing my password to be on the safe side.