infosec-info-and-interview-questions

A collection of interview questions and answers I created while studying for interviews.

Social Engineering

Phone calls

As a blanket rule, assume everyone on an inbound call is a liar and trying to get something from you until proven otherwise. A simple way to verify a caller is to ask them for a callback number and then verify it with their company. For example, suppose someone calls claiming to be from your bank (unlikely in any case). Ask them for a callback number, call your bank’s posted number, and have the bank verify it. Never give personal info over the phone.

Phishing

Shoulder surfing

Various Deception Methods

Carrying Boxes

Sob Stories

Lying

So and so sent me, I am just checking up on XYZ

I am with XYZ company here to inspect

I am the password inspector