Tailgating
Refers to attacks in which bad actors use real-world manipulation techniques to gain access to, or data on, victims. It involves being physically near the victim and using deception and psychological tricks to spy on them or to use them as a means to an end.
Piggybacking
The term comes from the analogy of someone riding on another person's back. A bad actor will role-play, and even dress, as an employee or service worker to gain access to a building by entering just behind a genuinely authorized person, exploiting human trust and the reluctance to "be impolite by not holding the door". People often don't become suspicious if the attacker enters with enough confidence, and even if something seems strange they will probably not want to be rude by asking.
Keylogging
Bad actors will manipulate a system so that keystrokes are captured on a small computer hidden nearby. This is often done on ATMs by placing a fake keyboard over the real one, and a card reader over the real one too, so that both the credit card number and the PIN are stored. The attacker returns some time later and retrieves the data.
Dumpster Diving
Bad actors will look for data in dumpsters around the target company. Overconfident companies throw papers containing large amounts of data in the trash without securely destroying them first. An attacker can even pose as a homeless person to go unnoticed.
Shoulder Surfing
A bad actor will literally look over someone's shoulder, use binoculars or surveillance cameras, or simply follow a victim around to steal data, for example the PIN entered at an ATM or credentials typed on a smartphone.
Eavesdropping
A bad actor will try to remain as unnoticed as possible, even using disguises, to stay close to victims and overhear data such as personal information that they will later use in more tailored attacks. The attacker could also plant listening devices around the victim's premises, or even in their personal belongings, to listen in on further and more private conversations.
Credit Card skimming
Bad actors use manipulated card devices to capture the data from the magnetic stripe of a credit card, posing, for example, as street vendors or charity organizations. Unsuspecting victims insert the card into the compromised device, and the attacker later uses this information to make transactions into crypto accounts or to exploit credit card systems by buying lots of small items that do not require a PIN.
Bluetooth hacking
Bad actors will exploit vulnerabilities in the Bluetooth protocol to steal data from the victim by creating a fake device for the victim to connect to. Once connected, the exploit executes automatically and the attacker exfiltrates the data.