2.7. Understanding Social Engineering

In the previous sections, you learned how attacks work. You also learned about TCP/IP and some of its vulnerabilities. And you were exposed to the issues that your users will face so you can help them from a technical perspective. A key method of attack that you must guard against is called social engineering.

Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization. A social engineering attack may occur over the phone, by e-mail, or in person. The intent is to acquire access information, such as user IDs and passwords.

Always think of a social engineering attack as one that involves ...

Get CompTIA Security+™: Study Guide, Fourth Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial