Why has social engineering been successful, and why will it continue to be so? To answer this, you must first understand why it works and what this means to you as a pentester. Going after the human being instead of the technology works for a number of reasons:
Trust: Human beings are a trusting lot. It’s built into the species. When you see someone dressed a certain way (such as wearing a uniform) or hear them say the right words, it causes you to trust them more than you normally would. For example, if you see someone dressed in a set of scrubs and carrying a stethoscope, it causes you to trust them. This tendency to trust is a weakness that can be exploited.
Human Habit and Nature: Human beings tend to follow certain default habits and actions without thinking. People take the same route to work, say the same things, and take the same actions without thought. In many cases, humans have to consciously attempt to act differently from the norm in order to break from their learned habits. A good social engineer can observe these habits and use them to track people or follow the actions of groups, and gain entry to buildings or access to information.