Tweet
Social Engineering consists of multiple phases, each designed to move the attacker one step closer to the end goal.
The social engineering phases consist of the following steps
The four phases can also be looked at as three distinct components of the social engineering process
The social engineering phases consist of the following steps
- Gather information and details about the target through research and observation. Sources of information can include dumpster diving, phishing, websites, employees, company tours, or other interactions.
- Select a specific individual or group that may have access or information that you need to get closer to the desired target. Look for sources such as people who are frustrated, overconfident, or arrogant and willing to provide information readily.
- Forge a relationship with the intended victim through conversations, discussions, e-mails, or other means.
- Exploit the relationship with the victim, and extract the desired information.
The four phases can also be looked at as three distinct components of the social engineering process
- Research - equal to phase 1
- Develop - phase 2 & 3
- Exploit - Phase 4