As an attack route supporting the kill chain, social engineering focuses on the nontechnical aspects of an attack that take advantage of a person trust and innate helpfulness to deceive and manipulate them into compromising a network and its resources.
The success of social engineering attacks relies on two key factors:
- The knowledge that is gained during the reconnaissance phase. The attacker must know the names and usernames associated with the target; more importantly, the attacker must understand the concerns of the users on the network.
- Understanding how to apply this knowledge to convince potential targets to activate the attack by clicking on a link, or executing a program. For example, if the target company has just merged with a former competitor...