Social engineering comes from two words, social and engineering, where social refers to our day-to-day lives—which includes both personal and professional lives—while engineering means a defined way of performing a task by following certain steps to achieve the target.
Phases in a social engineering attack
A social engineering attack is a continuous process that starts with initial research, the first phase, and runs until its completion, when the social engineer ends the conversation. What follows is a brief overview of the four phases that the social engineer follows to perform an attack.
In the research phase, the attacker tries to gather information about the target company. The information about the target can be collected from various resources and means, such as dumpster diving, the company’s website, public documents, physical interactions, and so on. Research is necessary when targeting a single user.
In this phase the attacker makes the initial move by trying to start a conversation with the selected target after the completion of the research phase.
The main purpose of this step is to make the relationship stronger and continue the dialog to exploit the relationship and get the desired information for which the communication was initiated.
This is the last phase of the social engineering attack, in which the social engineer walks out of the attack scene or stops the communication with the target without creating a scene or doing anything that will make the target suspicious.
In the next tutorials, I will discuss “Human-based social engineering”.