Social engineering is one of the most common attack vectors used by cyber criminals to enter companies. These manipulative attacks often occur in four stages:
- Info stealing from targets
- Building relationships with target and earning trust
- Exploitation: Convincing the target to take an action
- Execution: Collected info is used to launch attack
Five Intelligence Sources
So, how do attackers collect information about their targets? Cybercriminals can employ five types of intelligence to obtain and analyze information about their targets. They are:
1. OSINT (open-source intelligence)
OSINT is a hacking technique used to gather and evaluate publicly available information about organizations and their employees.
OSINT technologies can help threat actors learn about their target’s IT and security infrastructure, exploitable assets including open ports and email addresses, IP addresses, vulnerabilities in websites, servers, and IoT (Internet of Things) devices, leaked or stolen passwords, and more. Attackers use this information to conduct social engineering assaults.