Social engineering stories from the front lines

It’s always amazing how little attention social engineering attacks get when discussing enterprise information security risks. After all, it’s usually easier to get an unsuspecting employee to click on a link than it is to find an exploitable vulnerability on a reasonably hardened webserver. Social engineering attacks come from many different angles: from targeted e-mails, phone call pretexting, or acting like a service technician or other innocuous person to obtain access to the IT resources and data they seek.

But how do successful social engineering attacks happen in reality, when conducted either by ethical hacker penetration teams or criminal attackers? To get an answer, we reached out to a number of security professionals and ethical hackers who face, or perform, social engineering attacks as part of their job.

To read this article in full or to leave a comment, please click here