The Social Engineering Target Selection

In a previous blog post I told you about the two approaches for social engineering attacks. The structured approach has the following steps.

  1. The OSINT Process
  2. The target selection
  3. Profiling the target
  4. Target specific OSINT
  5. The attack preparation
  6. The attack execution

Today we dive deeper into the target selection process.

The Target

The target is anybody who can bring you to your objective, which is a company asset. That is simple, but the art is figuring out who could have that access.

The second problem we need to take into account is that you often have no relationship with the target and thus you will need to build that relationship.

This is where you have a choice either you approach the target directly or you get introduced by a trusted party. Either way you will need to build trust which remains the basis of any relationship.

2 degrees of separation

Everybody who is familiar with the six degrees of Kevin Bacon might intuitively understand this. The idea is that we need to look at who the target knows and who we can target to introduce us to the target. Well, based on the work of Bill Binney I would say 2 degrees is the maximum.

This means if I want to talk to your boss, I can start by talking to your child. Who will introduce me to you and you might, if I play my cards right, introduce me to your boss. It is nothing odd.

This concept is based on trust-by proxy, a concept we use in our daily life all the time and most of the time it works.

In the next post I will be diving into profiling the human, in order to better make the approach.