Run payload on target device

Social engineering is all about the psychology of persuasion: it targets the mind. The aim is to gain the targets' trust so that they lower their guard, and then to encourage them to take unsafe actions. It:

  • Targets people and non-technical processes

  • May target weak physical and operational security

  • Can also use some technical tools - email, websites, social media hacking, etc.

  • Includes several different methods and techniques

  • Requires patience, the ability to think quickly on your feet, acting ability, resourcefulness and observation skills

  • Needs people skills!

Attack tree

1 Download payload into device (AND)
    1.1 Phishing (OR)
    1.2 Spoofing (OR)
    1.3 Scamming (OR)
    1.4 Advertisement (OR)
    1.5 Website (OR)
    1.6 Social media (OR)
        1.6.1 Invisible popups (OR)
        1.6.2 Clickjacking
    1.7 Removable media (OR)
    1.8 Attach to software (OR)
    ...
2 Execute payload on device
    2.1 Exploit unpatched system (OR)
    2.2 Exploit configuration vulnerability (OR)
    2.3 Use zero-day exploit (OR)
    ...
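
The tree above can be checked against a set of controls to see which branches stay open. The following is an added example, not part of the original page: it parses the outline and evaluates the AND/OR logic, assuming that the marker on a node says how it combines with its siblings. The function names and the control set are constructed for illustration.

```python
import re
# Outline copied from the page; "..." lines mark branches the page leaves out.
TREE = """\
1 Download payload into device (AND)
    1.1 Phishing (OR)
    1.2 Spoofing (OR)
    1.3 Scamming (OR)
    1.4 Advertisement (OR)
    1.5 Website (OR)
    1.6 Social media (OR)
        1.6.1 Invisible popups (OR)
        1.6.2 Clickjacking
    1.7 Removable media (OR)
    1.8 Attach to software (OR)
    ...
2 Execute payload on device
    2.1 Exploit unpatched system (OR)
    2.2 Exploit configuration vulnerability (OR)
    2.3 Use zero-day exploit (OR)
    ...
"""
NODE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s+(.*?)(?:\s+\((AND|OR)\))?\s*$")

def parse(text):
    """Map node id -> {label, join, kids}; id "" is the root goal."""
    nodes = {"": {"label": "Run payload on target device", "join": None, "kids": []}}
    for line in text.splitlines():
        m = NODE.match(line)
        if m:  # "..." and blank lines do not match and are skipped
            nid, label, join = m.groups()
            nodes[nid] = {"label": label, "join": join, "kids": []}
            nodes[nid.rpartition(".")[0]]["kids"].append(nid)
    return nodes

def reachable(nodes, nid, blocked):
    """True if node nid is still achievable when the leaf ids in blocked are mitigated."""
    kids = nodes[nid]["kids"]
    if not kids:
        return nid not in blocked
    # Assumed reading: a node's marker says how it combines with its siblings.
    joins = {nodes[k]["join"] for k in kids} - {None}
    combine = all if joins == {"AND"} else any
    return combine(reachable(nodes, k, blocked) for k in kids)

def open_leaves(nodes, blocked):
    """Listed leaves that no control covers yet, as 'id label' strings."""
    return [f"{i} {n['label']}" for i, n in nodes.items()
            if i and not n["kids"] and i not in blocked]

nodes = parse(TREE)
controls = {"2.1", "2.2", "1.7"}  # constructed: patching, hardening, media policy
print(reachable(nodes, "", controls), open_leaves(nodes, controls))
```

A False result only covers the branches the tree lists; the "..." entries stand for branches the page does not enumerate, so they remain unassessed.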