In short, this is an attack that hackers typically use to gain access to enterprise networks or to target individuals, depending on the purpose of the attack.
The purpose of this article is to highlight the importance of protecting your privacy on the Internet and how this relates to social engineering. A typical social engineering attack involves the attacker, the victim and the retrieval of information. Imagine that you post on Facebook about destinations and places you have visited, describing them with enthusiasm. An attacker could exploit this information to call you (finding your number in a directory or even on Facebook) or to send you an e-mail. The attacker then asks for your personal information, on the pretext that you have won a cash prize in a lottery held for the customers of a hotel where you stayed while visiting the places you describe in your profile. You might well trust him and give him information about yourself, even your social security number or possibly your bank account. The attacker's next step is to call your bank and pretend to be you, claiming that your online account has been blocked and that you need a new password. The data the bank requires is already at the attacker's disposal, so the request can go ahead. This is an easy way to lose money without being aware of it at all, at least not at first.
This is one of many examples that occur in everyday life, yet most of us don't know the dangers of overexposing so much personal data. The risk is even greater for companies, especially given the increasing use of LinkedIn, a social network designed exclusively for professionals. Many users publish their CV and often share it with people they have never met. An attacker can exploit such information in many ways, which can lead to a breach of a company's infrastructure and jeopardize sensitive data and business continuity.