Conduct social engineering

Social Engineering is the practice of manipulating people in order to get them to divulge information or take an action. [1] [2]

ID: T1249

Tactic: Technical Information Gathering

Version: 1.0

Similar Techniques by Tactic

Organizational Information GatheringConduct social engineering
People Information GatheringConduct social engineering


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: No technical means to detect an adversary collecting technical information about a target. Any detection would be based upon strong OPSEC policy implementation.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Very effective technique for the adversary that does not require any formal training and relies upon finding just one person who exhibits poor judgement.


  1. Mathew J. Schwartz. (2011, September 14). Social Engineering Leads APT Attack Vectors. Retrieved March 5, 2017.
  1. Gary Beach. (2003, October 1). Kevin Mitnick on Social Engineering Hackers. Retrieved March 5, 2017.