The 2015 social engineering survival guide
Despite being an integral aspect of many, if not most, major attacks, social engineering tactics always seem to go underappreciated by enterprise security teams. However, it’s often easier to trick someone into opening an email and exploiting a vulnerability that way, or convincing an unsuspecting assistant to provide a few useful bits of information, than it is to directly attack a web application or network connection.
So, when attackers employ social engineering tactics, what exactly are they doing? Think of social engineering as the act of exploiting people instead of computer systems. That exploitation can come in the forms of convincing someone to provide physical entrance to the data center (perhaps by acting like an insider or service tech) or tricking someone into offering a password and user ID over the phone.