Author: Aditya K, Senior Manager – Risk Management, IndiGo.
Social engineering is the use of psychological and social manipulation techniques by malicious hackers to obtain and exploit sensitive information. The same approach can be used by ethical hackers and penetration testers to test an organization’s preparedness against such attacks and to detect any vulnerabilities present. This manuscript discusses the role of social engineering in penetration testing, along with its different types, and how a penetration tester could use these to exploit an organization’s security infrastructure. It classifies the many types of social engineering attacks according to the presence of an ethical hacker and discusses their mitigation methods. The manuscript also discusses the psychological principles that can be used in conjunction with social engineering attacks to increase their success rate.