Unlike network and web application penetration testing, the impact of social engineering can extend beyond the confines of a laptop or server. When you’re interacting with real people, you have to take special precautions to avoid hurting them.

You must also make sure you abide by the laws in your area, as well as the location of any potential people or businesses you’ll be targeting. While there may not be a legal precedent that directs you to collect OSINT in a specific way—or restricts you from collecting OSINT at all—some laws, like the European Union (EU) General Data Protection Regulation ...