Question

The type of social engineering attack you are describing is known as "watering hole attack." In a watering hole attack, the attacker identifies individuals from a specific organization who are likely to visit a particular third-party website that is less secure. The attacker then compromises that website to deliver malware or other malicious content. When the targeted individuals visit the compromised website, their computers can become infected, allowing the attacker to gain access to the organization's network or systems through the compromised individuals. This method takes advantage of the trust users place in commonly visited websites and targets them indirectly through that trust.