Formulating The Social Engineering Attack.
Once the social engineer has researched his target, collected every bit of Information of relevance, evaluated It for vulnerabilities and then Identified how the target operates, the next step Is to "formulate (prepare) his attack" based on his findings.
Preparation CANNOT take place without researching the target, and analyzing the Information thereafter. How so you ask? Well, the social engineer needs to prepare his attack based on something, and that "something" Is the data collected during his research. The evaluation of the data, will assist In the preparation process.
For Instance, If the SE'er ordered an Item from an online store and wants to refund It by using the "DNA" (Did Not Arrive) method, he then needs to read their terms to see who's responsible for loss of goods during transit. If the company Is not accountable, then the SE'er will have to opt for another method.
The social engineer Is very methodical and calculated on how he will setup his method/attack. In terms of SEing a company, he will Identify the grounds on which refunds/replacements are Issued, whether CCTV cameras are In place when picking & packing orders, the type of carrier used, the warranty period for selected Items and the list goes on.
All this Information, will allow the social engineer to make an Informed decision on how he will formulate his attack, as well as selecting the most suitable method against the Item In question. On completion, he's ready to execute the attack against his target.
Once the social engineer has researched his target, collected every bit of Information of relevance, evaluated It for vulnerabilities and then Identified how the target operates, the next step Is to "formulate (prepare) his attack" based on his findings.
Preparation CANNOT take place without researching the target, and analyzing the Information thereafter. How so you ask? Well, the social engineer needs to prepare his attack based on something, and that "something" Is the data collected during his research. The evaluation of the data, will assist In the preparation process.
For Instance, If the SE'er ordered an Item from an online store and wants to refund It by using the "DNA" (Did Not Arrive) method, he then needs to read their terms to see who's responsible for loss of goods during transit. If the company Is not accountable, then the SE'er will have to opt for another method.
The social engineer Is very methodical and calculated on how he will setup his method/attack. In terms of SEing a company, he will Identify the grounds on which refunds/replacements are Issued, whether CCTV cameras are In place when picking & packing orders, the type of carrier used, the warranty period for selected Items and the list goes on.
All this Information, will allow the social engineer to make an Informed decision on how he will formulate his attack, as well as selecting the most suitable method against the Item In question. On completion, he's ready to execute the attack against his target.