An introduction to social engineering was released by the UK Computer Emergency Response Team (CERT) on January 21, 2015:
Social engineering is a prolific and effective means of gaining access to the secure systems and sensitive information of an organisation. Attacks vary from bulk phishing emails to highly targeted, multi-layered techniques. These attacks often prey on common aspects of human psychology such as curiosity and greed and do not necessarily require a great deal of technical ability.
Organisations need to be aware of this unique cyber-threat and take precautions to prevent falling victim to a social engineering attack and respond appropriately if the worst happens. This paper provides readers with an overview of the techniques used and the steps that can be taken to help you protect your organisation’s information.
The paper includes an overview wide-scale attacks such as phishing and baiting, as well as focused attacks involving spear phishing, watering hole attacks, attacking on multiple fronts, and physical baiting.
You can download the paper from CERT-UK (pdf, 10 pp.)
h/t, Public Intelligence