Social engineering can have many potential outcomes on an organization, some obvious and some less so. It is important that you understand each of these, because they can have far-reaching effects: Economic Loss This one is fairly obvious. A social engineer may cause a company or organization to lose money through deception, lost productivity, or … Read more
Social engineering, like the other attacks we have explored in this book, consists of multiple phases, each designed to move the attacker one step closer to the ultimate goal. Let’s look at each of these phases and how the information gained from one leads to the next: 1. Gather information and details about a target … Read more
Why has social engineering been successful, and why will it continue to be so? To answer this, you must first understand why it works and what this means to you as a pentesters. Going after the human being instead of the technology works for a number of reasons: Trust Human beings are a trusting lot. … Read more
Social engineering is a term that is widely used but poorly understood. It’s generally defined as any type of attack that is nontechnical in nature and that involves some type of human interaction with the goal of trying to trick or coerce a victim into revealing information or violate normal security practices. Social engineers are … Read more
There are many steps in the footprinting process, each of which will yield a different type of information. Remember to log each piece of information that you gather no matter how insignificant it may seem at the time. Using Search Engines One of the first steps in the process of footprinting tends to be using … Read more
Social engineering will put your layered defenses to the true test. Even with strong security controls, a naïve or untrained user can let the social engineer into the network. Never underestimate the power of social engineers — and that of your users and helping them get their way. Policies Specific policies help ward off social … Read more
Hardening your environment to withstand SEAs, especially targeted ones, is more a matter of training than a traditional security control. An SEA goes right to the most vulnerable point in a company’s defenses: its employees. For the reasons discussed in the preceding sections, people make decisions daily that impact or even compromise implemented security measures. … Read more