The attacker gathers information through different means included but not limited to social media or a search engine such as google.
Using both the information and the relationship to actively infiltrate the target for example calling someone pretending to be from the IT Department (relationship) asking for a specific employee (information gathering) and asking them for their password.
2. Establish a Relationship
Establish a working relationship with a target for example pretending to need help and taking advantage of the good nature of the victim.
When the goal of the attack is accomplished, usually without the target even questioning what happened until it is too late.
03. Social Engineering Vectors
This are some of the possible attack vectors for a malicious agent, however more creative attackers can find multiple other numerous ways to do this.
Vishing: using social engineering over telephone system to gain access to private personal and business information from the public for the purpose of financial reward.
Phishing: technique of fraudulently obtaining private information, usually through e-mails that appear legitimate and requesting verification of information. The e-mail usually contains a link to fraudulent web page that seems legitimate.
Smishing: the use of SMS messaging to lure victims into a specific course of action.
Impersonation: pretending to be another person with the goa lof gaining access physically to a system or building.