
Social Engineering - Common Targets


  • Social Engineering - Common Targets

    An attacker will look for targets of opportunity or potential victims who have the most to offer. Some common targets include receptionists, help desk personnel, users, executives, system administrators, and outside vendors.

    Receptionists are among the first people visitors see in many companies, and they are prime targets. They see a lot of people go in and out of an office, and they hear a lot of things. Establishing a rapport with these individuals can easily yield information that can be useful on its own or for future attacks.
    Help desk personnel offer another tempting and valuable target due to the information they may have about infrastructure and other useful information. Filing fake support requests or asking these personnel leading questions can yield valuable information.
    System administrators can also be valuable targets of opportunity, again due to the information they possess. The typical administrator can be counted on to have very high-level knowledge of an infrastructure and applications as well as future development plans. Some system administrators possess far-reaching knowledge about the entire company's network and infrastructure. Given the right enticements and some effort, these targets can yield tremendous amounts of information.

    In a modern company the workload is often very high, so high that employees might take shortcuts, and they might keep quiet about issues because the day-to-day work would be even more stressful if these shortcuts were to be inaccessible. This could be the use of backdoor accounts to do a quick fix without going through the hassle of the official change procedures. These accounts may be unmonitored, or may even be accounts owned by former employees that were never deleted and were forgotten about. A successful social engineering attack might reveal information of this nature.

    As a social engineer your goal is to be seen. Sneaky behaviour will likely raise suspicion. Walk around as if you belong there. This also has the benefit that employees will start to recognize your face and think you belong in the organization. Engage in small talk, hang out at the favorite smoking spot or join other employees at lunch. Other employees will see you talking, which will convince them that you work or have legal business at the location.
    Certified Security Geek