Ugrás a fő tartalomhoz

CEH v10: 09 Social Engineering

Certified Ethical Hacker v10 Chapter 09: Social Engineering.

Social engineering is an act of stealing information from humans.

  • No interaction with target system or network
  • Non-technical attack
  • Convincing the target to reveal information

One of the major vulnerability which leads to this type of attack is "Trust". User trust in another user and does not secure their credentials from them.

Employees are uneducated at organizations, so this is a major vulnerability.

Lack of security policies and privacy are also vulnerable.

Steps of Social Engineering


  • Collection of information from the target organization
  • Collected by dumpster diving, scanning, search on the internet, ...

Select target

  • Select the target among other employees
  • A frustrated target is more preferred


  • Create relationship with the target
  • Earn the trust


  • Collecting sensitive information such as usernames, password, etc...

Social Engineering Techniques

##Types of Social Engineering

Human-based Social Engineering

One-to-one interaction with the target. Earn the trust to gather sensitive information from the target.


Pretend to be something or someone, pretending to be a legitimate user or authorized person. Impersonation is performed by identity theft.

Eavesdropping and Shoulder Surfing

Eavesdropping is a technique in which attacker is revealed information by listening to the conversation. Reading or accessing any source of information without being notified.

Shoulder Surfing is a method of gathering information by standing behind the target.

Dumpster Diving

Looking for treasure in trash.

Reverse Social Engineering

The attacker convinces the target of having a problem or might have in the future to get sensitive information.

Piggybacking and Tailgating

Piggybank is a technique in which attacker waits for an authorized person to gain entry in a restricted area. Tailgating is a technique in which attacker gains access to the restricted area by following the authorized person.

Computer-based Social Engineering


Attacker send fake emails which looks like legitimate email. When recipient opens the link, he is enticed for providing information.

Spear Phishing

Similar as phishing but it is focused on one target. Because of this, it is generate higher response rate.

Mobile-based Social Engineering

Publishing Malicious Apps

These applications are normally a replica or similar copy of a popular application.

Repackaging Legitimate Apps

Repack a legitimate app with a malware.

Fake Security Apps

Attacker develop a fake security app.

Insider Attack

Social Engineering is not all about a third person gathering information, it may be an insider with privileges.

Impersonation on Social Network Sites

Social Engineering Through Impersonation on Social Network Sites

Attacker gathers personal information of a target from different sources mostly from social network sites such as full name, date of birth, email address, residential address, etc. After gathering the information, the attacker create an account that is exactly the same. Then introduced to friends, group joined by the target to get updates or convince the target's friends to reveal information.

Risks of Social Network in a Corporate Networks

Social network sites is not secured enough as a corporate network secures the authentication. The major risk of social network is its vulnerability in the authentication. The employee while communicating on social network may not take care of sensitive information.

Identity Theft

  • Stealing the identification information of someone
  • Popularly used for frauds
  • Prove the fake identity to take advantage of it


  • Gathering information: full name, address, contacts, accounts, birth information, bill from social networks, dumpster diving, etc...
  • Fake identity proof: get fake IDs (driving licence, ID card, etc...)
  • Fraud: spend money, unauthorized access, use ID for frauds, etc...


  • Security of sensitive information
  • Physical security
  • Rotational duties
  • Monitoring
  • Controlled access
  • Least privileges
  • Strong policies
  • Training
  • Bio-metric authentication
  • Audit
  • Awareness


  • social engineering toolkit (linux)