Chapter 5. Social Engineering
In This Chapter
Introducing social engineering
Examining the ramifications of social engineering
Understanding and using social engineering techniques
Protecting your organization against social engineering
Social engineering takes advantage of the weakest link in any organization's information security defenses: people. Social engineering is "people hacking" and involves maliciously exploiting the trusting nature of human beings to obtain information that can be used for personal gain.
Social engineering is one of the toughest hacks to perpetrate because it takes great skill to come across as trustworthy to a stranger. It's also by far the toughest hack to protect against because people are involved. In this chapter, I explore the ramifications of social engineering, techniques for your own ethical hacking efforts, and specific countermeasures to defend against social engineering.
Social Engineering 101
Typically, malicious attackers pose as someone else to gain information they couldn't access otherwise. They then take the information they obtain from their victims and wreak havoc on network resources, steal or delete files, and even commit industrial espionage or some other form of fraud against the organization they attack. Social engineering is different from physical security exploits, such as shoulder surfing and dumpster diving, but they are related and often are used in tandem.
Here are some examples of social engineering:
False support personnel claim ...