How To Gather Information

Gathering information to support professional social engineering exercises is much the same as the research you do for anything else. You need a goal in mind when you start in order to keep the research focused. Having a clear objective helps you determine two things: first, what information is relevant to the end goal, and second, what information to ignore. This holds true both for the information you gather and for how you gather it.


The telephone provides an anonymous (to a point) way of obtaining information. The drawback to using the telephone is caller ID and tracing. A simple phone call can reveal many things: for instance, the company’s name, the name of the person who answered the phone, and so much more. After completing the initial phone call, the social engineer can phone back, now using the information obtained previously to obtain even more information.

Fake Websites – Phishing

Another way to obtain information is to create a website that looks like a legitimate site for the company. This could be a copy of their own intranet site, or a survey site that an employee would fill out. The site does not take the employee to the real site, but to a fake site that the social engineer owns (see Phishing). The answers provided by the employee can give the social engineer the information they need to attain their goal.


Tailgating is also referred to as Piggybacking. It occurs when a person gains access to a secured building even if smart card passes or biometrics are in use. Under normal circumstances, smart card passes or biometrics can prevent unauthorized personnel from gaining access to systems and networks. However, people are, unfortunately, sometimes too helpful. As a result, they sometimes allow an ‘employee’ to enter through a locked door behind them. Why would they do this? They may feel sorry for the ‘employee’ who is searching for their fake pass. Or it may be normal courtesy, such as keeping the door open for the ‘employee’ who is running up behind them.

Social Networking Sites

Type in a name of a co-worker or friend and see how many hits or matches appear with their information. MySpace, Facebook, Twitter, LinkedIn and others help people get connected, but they also help social engineers collect information about you and about your friends and family. Social Engineering can be purely psychological, using information gathered about a person to obtain more information.


Intrusion means actually entering the building or property of the target and obtaining information. Posing as an employee, an outside contractor, or even an IT administrator, the social engineer can ask questions or offer to fix issues (see Pretexting and Elicitation).

Reverse Social Engineering

A social engineer can also plant a rogue access point or attempt to access authorized areas with information received earlier from the telephone, emails or websites. Reverse social engineering is the practice of having already accessed the goal machine or network and rendered it unusable; then offering to ‘fix it’. An excellent remote device is something like this device that sends audio or allows you to listen in through a standard GSM card.


Maltego, a tool made by Paterva, is an information gathering tool taken to the extreme. It not only gathers information and organizes it, but also helps you put it in order of importance.

Shoulder Surfing

Shoulder surfing is one of the easier ways of social engineering: simply look over the target’s shoulder and a plethora of information can be obtained. Information obtained can range from user IDs to passwords to secret data seen in plain text.

The following video by the European Network and Information Security Agency shows how easy it is to shoulder surf:

Original source: YouTube.