CEH


What Is Social Engineering?


engineer can observe these habits and use them to track people or follow the actions of
groups, and gain entry to buildings or access to information.


Social-Engineering Phases


Social engineering, like the other attacks we have explored in this book, consists of
multiple phases, each designed to move the attacker one step closer to the ultimate goal.
Let’s look at each of these phases and how the information gained from one leads to
the next:



  1. Gather information and details about a target through research and observation.
    Sources of information can include dumpster diving, phishing, websites, employees,
    company tours, or other interactions.

  2. Select a specific individual or group that may have the access or information you need
    to get closer to the desired target. Look for sources such as people who are frustrated,
    overconfident, or arrogant and willing to provide information readily.

  3. Forge a relationship with the intended victim through conversations, discussions,
    e-mails, or other means.

  4. Exploit the relationship with the victim, and extract the desired information.


You can also look at these four phases as three distinct components of the
social-engineering process:


■ Research (step 1)


■ Develop (steps 2 and 3)


■ Exploit (step 4)


EC-Council recommends watching movies such as Catch Me If You
Can, The Italian Job, and Matchstick Men as great ways to observe
different types of social engineering in action. Catch Me If You Can is a
dramatization of the exploits of a real-life social engineer. If you watch
these movies, pay close attention to the different ways social-engineering
techniques can be employed, how they work, and why they are effective.

What Is the Impact of Social Engineering?


Social engineering can have many potential outcomes for an organization, some obvious
and some less so. It is important that you understand each of these, because they can have
far-reaching effects:


Economic Loss: This one is fairly obvious. A social engineer may cause a company or
organization to lose money through deception, lost productivity, or identity theft.
