TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- Conduct social engineering
Conduct social engineering
Social Engineering is the practice of manipulating people in order to get them to divulge information or take an action. [1] [2]
ID: T1268
Sub-techniques:
No sub-techniques
Tactic:
People Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Similar Techniques by Tactic
Tactic | Technique |
---|---|
Organizational Information Gathering | Conduct social engineering |
Technical Information Gathering | Conduct social engineering |
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: No technical means to detect an adversary collecting information about a target. Any detection would be based upon strong OPSEC policy implementation.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Very effective technique for the adversary that does not require any formal training and relies upon finding just one person who exhibits poor judgement.
References
- Mathew J. Schwartz. (2011, September 14). Social Engineering Leads APT Attack Vectors. Retrieved March 5, 2017.
- Gary Beach. (2003, October 1). Kevin Mitnick on Social Engineering Hackers. Retrieved March 5, 2017.
×