Conduct social engineering

Social Engineering is the practice of manipulating people in order to get them to divulge information or take an action. [1] [2]

ID: T1249
Sub-techniques:  No sub-techniques
Tactic: Technical Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Similar Techniques by Tactic

Tactic Technique
Organizational Information Gathering Conduct social engineering
People Information Gathering Conduct social engineering

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: No technical means to detect an adversary collecting technical information about a target. Any detection would be based upon strong OPSEC policy implementation.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Very effective technique for the adversary that does not require any formal training and relies upon finding just one person who exhibits poor judgement.

References

  1. Mathew J. Schwartz. (2011, September 14). Social Engineering Leads APT Attack Vectors. Retrieved March 5, 2017.
  1. Gary Beach. (2003, October 1). Kevin Mitnick on Social Engineering Hackers. Retrieved March 5, 2017.