2021-10-16, 16:30–17:10, Main room
Nowadays, the majority of cyber attacks involve a social engineering component: a fraudulent email leading to the exposure of an information system to ransomware, an external person posing as an employee in order to steal sensitive information, etc. Social engineering is a very effective way for attackers to achieve their goals, but how do they go about it? And most importantly, why does it work so well? What psychological mechanisms are used to initiate a successful social engineering attack?
In this talk we will begin by explaining the "Investigate-Hook-Play-Exit" model, then we will talk about the psychological tools of social engineering: various cognitive biases, Korman's self-consistency theory, reciprocity, etc. We will also study techniques for establishing contact, elicitation, as well as the principle of reverse sting. Through case studies, this talk has two main objectives: to serve as a working basis for using social engineering in an offensive context and (above all) to raise awareness in order to limit the impact of social engineering on the safety of information systems.