information or getting them to do something
                   that is against typical policies. A hacker can
                   obtain information about a target from the
                   internet, new papers, employees, employee
                   family members, consultants, vendors,
                   customers, and security experts.

                   Social Engineering Techniques

                   The following are techniques that might be
                   used by an attacker in order to gain access to a
                   company:

                       •  Authority
                              o  Attackers pose as victim’s boss,
                                 boss’s secretary, or other
                                 company leadership
                       •  Strong Emotion
                              o  Get victim into heightened
                                 emotional state so they don’t
                                 pay as much attention to the
                                 details/facts
                       •  Overloading
                              o  Provide more information than
                                 target can handle so wrong
                                 statements go unnoticed
                       •  Reciprocation
                              o  If a stranger does you a favor,
                                 then asks you for a favor, don’t
                                 reciprocate without thinking






                                                               408