Chapter 6

Social Engineering

IN THIS CHAPTER

Understanding social engineering

Examining the ramifications of social engineering

Performing social engineering tests

Protecting your organization against social engineering

Social engineering takes advantage of one of the weakest links in any organization’s information security defenses: people. Social engineering is people hacking; it involves maliciously exploiting the trusting nature of human beings to obtain information that can be used for personal gain.

Social engineering is one of the toughest hacks to perpetrate because it takes bravado and skill to come across as trustworthy to a stranger. It’s also by far the toughest thing to protect against, because people who are making their own security decisions are involved.

In this chapter, I explore the consequences of social engineering, techniques for your own security testing efforts, and specific countermeasures to defend against social engineering.

Introducing Social Engineering

In a social engineering scenario, those with ill intent pose as someone else to gain information ...

Get Hacking For Dummies, 6th Edition now with the O’Reilly learning platform.