Social engineering attacks exploit psychological behaviors and use tricks to make the victim do something for the attacker. The basic principles of these behaviors are extensively researched and well documented, for example by R. Cialdini: Influence Science and Practice. Social engineering attacks are easier and more successful if you scout the victim and his environment in the run and analyze his personality.

Based on this psychological profile, the attack can be better tailored or even custom-made. Therefore, the talk discusses several scientifically sound methods and tools to analyze the personality of the victim. Also some possibilities of organizational analysis are presented to analyse the closer environment. Finally, I will show which methods can be used electronically, for example in spear phishing.

ZG

Publikationen