Chapter 5. Social Engineering

In This Chapter

  • Introducing social engineering

  • Examining the ramifications of social engineering

  • Understanding and using social engineering techniques

  • Protecting your organization against social engineering

Social engineering takes advantage of the weakest link in any organization's information security defenses: people. Social engineering is "people hacking" and involves maliciously exploiting the trusting nature of human beings to obtain information that can be used for personal gain.

Social engineering is one of the toughest hacks to perpetrate because it takes great skill to come across as trustworthy to a stranger. It's also by far the toughest hack to protect against because people are involved. In this chapter, I explore the ramifications of social engineering, techniques for your own ethical hacking efforts, and specific countermeasures to defend against social engineering.

Social Engineering 101

Typically, malicious attackers pose as someone else to gain information they couldn't access otherwise. They then take the information they obtain from their victims and wreak havoc on network resources, steal or delete files, and even commit industrial espionage or some other form of fraud against the organization they attack. Social engineering is different from physical security exploits, such as shoulder surfing and dumpster diving, but they are related and often are used in tandem.

Here are some examples of social engineering:

  • False support personnel

Get Hacking For Dummies® 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.