Social engineering is in a way the art of hacking humans. Inside the system and working with it is the human being, which is frequently the easiest component to hack. Human beings tend to be fairly easy to obtain information from.
While this is a complex matter and a huge area to dive in to, here are some important parts of information gathering related to the process of footprinting.
Eavesdropping
This is the practice of covertly listening in on the conversations of others. It includes listening to conversations or just reading correspondence in the form of faxes or memos. Listening in on conversations does not require wiretapping and can be performed simply by being in the vicinity of a conversation. Under the right conditions, you can glean a good amount of insider information using this technique.
Shoulder Surfing
This is the act of standing behind a victim while they interact with a computer system while they are processing secret information. Using shoulder surfing allows you to gain passwords, account numbers, or other secrets.
Dumpster Diving
This is one of the oldest means of social engineering, but it is still an effective one. Going through a victim's trash can easily yield bank accounts, phone records, source code, sticky notes, CDs, DVDs, and other similar items. All of this is potentially damaging information in the wrong hands. If a target organization does not have a policy on how to discard classified information in the form of paper, or stored on disks or USB sticks, most will not be destroyed in a secure manner, but likely end up in a publicly accessible container.
While this is a complex matter and a huge area to dive in to, here are some important parts of information gathering related to the process of footprinting.
Eavesdropping
This is the practice of covertly listening in on the conversations of others. It includes listening to conversations or just reading correspondence in the form of faxes or memos. Listening in on conversations does not require wiretapping and can be performed simply by being in the vicinity of a conversation. Under the right conditions, you can glean a good amount of insider information using this technique.
Shoulder Surfing
This is the act of standing behind a victim while they interact with a computer system while they are processing secret information. Using shoulder surfing allows you to gain passwords, account numbers, or other secrets.
Dumpster Diving
This is one of the oldest means of social engineering, but it is still an effective one. Going through a victim's trash can easily yield bank accounts, phone records, source code, sticky notes, CDs, DVDs, and other similar items. All of this is potentially damaging information in the wrong hands. If a target organization does not have a policy on how to discard classified information in the form of paper, or stored on disks or USB sticks, most will not be destroyed in a secure manner, but likely end up in a publicly accessible container.