The Social Engineering Framework

The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. Please use the index below to find a topic that interests you.

Framework Sections

Section Articles

Non-Traditional

Non-traditional sources are less obvious and often overlooked information sources. It’s possible they can provide data that a corporate security awareness program wouldn’t or couldn’t take into account.

List of Sources

The following list covers some non-traditional sources:

  • Industry experts or subject matter experts (SME) can provide detailed information about an area without providing anything regarding the target company. If the industry is somewhat standardized then the data can be overlayed and compared against the target to reveal possible vulnerabilities to SE.
  • “When in Rome, do what the Romans do”. Engaging in activities or frequenting places that employees from the target company also do/visit is an excellent opportunity to elicit information. Proximity to the employees provides opportunities for conversation, eavesdropping, or possibly even covert cloning of RFID cards.
  • Dumpster diving┬áis a well documented vector for gathering information.