2. What Is Social Engineering? The art of manipulating people and getting them to do what you want. “Social Engineering - A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threat - used to attack information systems.” "Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick.
3. Common Types of Social Engineering: Human-based; Computer-based
4. Personality Traits: Diffusion of responsibility; Chance for ingratiation; Trust relationship; Moral duty; Guilt; Identification; Desire to be Helpful; Cooperation
5. Techniques for persuasion: A Direct Route (systematic and logical statement); A Peripheral Route (beat around the bush; trigger strong emotions such as fear and excitement)
6. Human Based methods: Impersonating; Intimidation; Creating confusion; "May I help you?"; "Can you help me?"; Building Trust; "Ask and it shall be given unto you, seek and ye shall find"; Dumpster Diving
7. Computer Based: Popup Windows; Mail attachments; Spam, Chain Letters and Hoaxes; Phishing Websites; USB devices; Key loggers
8. Social Engineering Toolkit: The Social Engineering Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. SET was written by David Kennedy (ReL1K), and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
11. How to Identify A Social Engineer? Does not provide contact information; Always asks for forbidden information; Rushing Activities; Name-dropping; Intimidation; Observe for Small mistakes