In any battle, there is no better knowledge than knowledge of the enemy's tactics. This chapter introduces the world of social engineering and looks at what it is all about. Social engineering is a set of techniques widely used in cyberattacks, and it is behind some of the most successful ones. It uniquely targets a weak component in the cybersecurity chain: the user. Unlike systems and networks, users cannot be protected from social engineering by expensive tools such as firewalls and antivirus programs. They are always in the open, and they are always giving out information that attackers can use to hit them when least expected.

People also offer a higher return on investment than systems. Within an hour, a social engineering expert can make away with as much information as it would have taken him or her 100 hours to gather by attacking a protected system directly. Attackers are aware of the current sophistication of the security elements that protect systems. Most organizations use multiple layers of security, so even if one layer is compromised, the hacker cannot easily get past the others. It has therefore become harder to attack the systems themselves. At the same time, hackers are discovering that it is easy to hack today's users, and this has been confirmed by the rising number of mediated social engineering attacks.

This chapter will give an overview of social engineering. It will cover the following topics:
- Elicitation
- Pretexting
- Mind tricks
- Persuasion
- Tools used in social engineering