Chapter 6

Social Engineering

IN THIS CHAPTER

• Understanding social engineering

• Examining the ramifications of social engineering

• Performing social engineering tests

• Protecting your organization against social engineering

Social engineering takes advantage of what’s likely the weakest link in any organization’s information security defenses: people. Social engineering is people hacking; it involves maliciously exploiting the trusting nature of human beings to obtain information that can be used for personal — and often political — gain.

Even with the challenges society has with expediency (wanting things now, no matter what the cost) and lack of critical thinking (or, just not thinking), social engineering is one of the toughest hacks to perpetrate because it takes bravado and skill to come across as trustworthy to a stranger. By far, it’s also the toughest thing to protect against because, again, people are involved, and they’re often making their own security decisions.

This chapter explores the consequences of social engineering, techniques for your own security testing efforts, ...

Get Hacking For Dummies, 7th Edition now with the O’Reilly learning platform.