Planning for each type of social engineering attack
The primary objective of a social engineering attack is to either obtain confidential information from the victim or manipulate them into performing an action to help you compromise the target system or organization. However, to get started with any type of attack, a lot of research must be done to find out how the target functions; as an aspiring penetration tester, you need to find answers to questions such as the following:
- Does the target organization outsource its IT services?
- Does the target have a help desk?
- Who are the high-profile employees?
- What is the email address format used by the organization?
- What are the email addresses of the employees?
In addition to conducting research, when performing social engineering, you must be able to strategize quickly and read the victim's emotions regarding how they react to you.
As a penetration tester, it's good to develop the following skills...