Chapter 8. Influencing Your Victims: Do What We Tell You, Please
The new generation of attackers doesn’t want to target only networks, operating systems, and applications. These attackers also want to target the people who have access to the data they want to get a hold of. It is sometimes easier for an attacker to get what she wants by influencing and manipulating a human being than it is to invest a lot of time finding and exploiting a technical vulnerability.
In this chapter, we will look at the crafty techniques attackers employ to discover information about people in order to influence them. From reading profiles on social networking sites to breaking old-school authentication to conducting a personality analysis simply by studying someone’s calendar to building a dashboard portraying the victim’s psyche, the various avenues and techniques available to attackers to perform social engineering against humans is stunning.
The Calendar Is a Gold Mine
An attacker can leverage a lot of information just by looking at her intended victim’s calendar; the attacker can then use that information to influence the victim by way of social engineering. Yet, not much emphasis has been paid to this topic in the past, so we will dedicate an entire section to discussing the various ways a malicious person can use information on calendars to influence a given person or an organization.
An attacker can tell a lot about her intended victim by looking at the victim’s calendar. The attacker can gather ...