• Phishing: Sending deceptive emails or messages that appear to be from a trustworthy source, encouraging recipients to click on links or download attachments that contain malware or lead to fake login pages.
• Pretexting: Creating a fabricated scenario or pretext to obtain information, often involving impersonation, such as pretending to be a colleague, customer, or authority figure.
• Baiting: Distributing malware-infected files or devices, disguising them as valuable or enticing iitems, and relying on the curiosity of victims to infect their systems.
• Tailgating: Gaining unauthorised physical access to a secured area or building by following an authorised person through a controlled entrance.
• Quid pro quo: Offering something in return for sensitive information, such as promising free software or technical support in exchange for login credentials.
• Impersonation: Pretending to be someone else, either in person, over the phone, or online, to manipulate individuals into divulging confidential information.
• Vishing: Using voice communication, typically over the phone, to deceive individuals into revealing personal information or taking specific actions.
• Watering hole attacks: Compromising websites or online resources that the target audience frequently visits, in the hope that victims will unknowingly download malicious content.

Social engineering attacks are a significant threat to cybersecurity because they exploit the weakest link in any security system: the human element. Hackers employ these tactics to trick individuals into revealing sensitive data, providing unauthorised access, or unintentionally participating in cybercriminal activities. Educating individuals about these tactics and promoting vigilance is essential to counteract social engineering attacks.