Social Engineering

The idea behind social engineering is to manipulate how the human mind works, to the advantage of the attacker. A hacker may deploy many tools, but they tend to fall into some very observable categories. Table 11-2 shows a few tools in the social engineer's toolkit.

Table 11-2: Social Engineering Tools

Framing The framing technique is used to frame up a particular thought, such as “75 percent real fruit juice.” Okay, what's the other 25 percent? The idea of framing is to get your mind headed in a specific direction. That direction is likely not one you want to go in if it's a social engineer doing the talking.
Incentives Using incentives is a timeless technique. In fact, it's used quite legitimately on a regular basis. Think about “35 percent off” of that item you have to have. The incentive, of course, is less money for them and more money for you! At least, that's how it's presented. This incentive can also be social; for example the homeless guy who holds up the “will work for food” sign. The incentive is that you can absolve the feeling of guilt he may be creating in your mind by giving him some money. A social engineer can use incentives in relation to his or her desired attack. The attacker needs to know what incentive will work on you. It could be any number of things, such as money, social influence/pressure, or something that plays on your personal value set or ideals.
Reciprocity Although it can be tricky to use, reciprocity ...

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.