I don't say a place got "socially engineered"

That phrasing, while clinical and professional, hides some of the simplicity of what happened.

I say an attacker "called up and asked nicely"

"The company was breached after a hacker socially engineered a support rep" vs "The company was breached after a support rep gave passwords to someone who called up and asked nicely"

So much yes.

Catfishing is social engineering. It requires planning and design and structure to achieve a result.

Most of what people call social engineering is exactly what you describe.
