Human Attacks
Before I talk about different type of social engineering attacks, I would like to take a quote from Chris Hadnagy’s book, The Science of Human Hacking. He says, “A professional social engineer's goal is to educate and assist rather than humiliate to win.” The whole purpose of this chapter is for you to understand the way most people make decisions and how to help organizations educate their end users how to recognize if someone is trying to take advantage of them for gain. Education and training is one of the most important things you can do to secure your organization, but unfortunately, one of the first things to get cut out of a budget.
If you are doing any social engineering campaign, just like any penetration test, it must be documented and permission must be given. You also have to be careful with any type of impersonation. I had a student take my Metasploit class as a result of a decision he made to internally phish his organization and impersonate...
