In-Person Social Engineering
MORE ATTACKS AND EXPLOITS
- Elicitation
- Gathering info about a system from authorized users
- Interrogation
- Informal interviews with crafted questions to extract info
- Impersonation
- Pretending to be someone with authority
- Shoulder surfing
- Watching as someone enters a username, password, PIN, etc
- USB key drop
MOTIVATION TECHNIQUES
- Motivation techniques
- Authority
- Scarcity
- Social proof
- Urgency
- Likeness
- Fear
QUICK REVIEW
- In-person social engineering often works because few people will confront someone face-to-face.
- A good social engineering attacker can smooth-talk their way around many controls
- Many computer users fail to understand how dangerous USB keys can be
- Dropped USB keys will often be used for devious access to computers