In the previous sections, you learned how attacks work. You also learned about TCP/IP and some of its vulnerabilities. And you were exposed to the issues that your users will face so you can help them from a technical perspective. A key method of attack that you must guard against is called social engineering.
Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization. A social engineering attack may occur over the phone, by e-mail, or in person. The intent is to acquire access information, such as user IDs and passwords.
Always think of a social engineering attack as one that involves ...
Get CompTIA Security+™: Study Guide, Fourth Edition now with O’Reilly online learning.
O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.