carefully about what he’s asking
                                 for
                       •  Deceptive Relationships
                              o  Depending on the target, an
                                 attacker may build a
                                 relationship over years just to
                                 exploit it
                       •  Integrity and Consistency
                              o  People will even carry out
                                 commitments they believe were
                                 made by their fellow employees
                       •  Social Proof
                              o  People usually rely on what
                                 other people are doing or saying
                                 to a certain degree

                   Additional SE techniques include pretexting,
                   diversion theft, phishing/spear phishing,
                   water holing, baiting, quid pro quo, tailgating,
                   vishing.

                   A popular social engineering tool is the social
                   engineering toolkit sponsored by TrustedSec
                   and is an open-source penetration testing
                   framework designed for social engineering.

                   On-Location Gathering Penetration Testing
                   Execution Standard

                   Selecting specific locations for onsite
                   gathering, and then performing




                                                               409