What do u know about social engineering?

It’s a fancy name for acting.

Social engineering means not primarily exploiting security holes on a technical level, but to coax people into hacking themselves.

Typically, you'd do some research about the company and their staff to add credibility, e.g. for claiming to act on someone's order:

"Yeah hi, Tom here, I'm new in sales, I think Sarah [head of accounting] told you already."

Accounting guy: "Uhm, no, she didn't?!"

"Well Mark [from purchase] quit last week [true!], so I'm his replacement and try to get traction. We have that [fake!] invoice here, and the supplier asked to quickly pay him because they really need the money right now, can you do that on the quick please?"

Also, the impersonator has sent the bogus invoice to his victim while faking his email from-header to be from within the company.

Thing is, you can find out much of the credibility stuff just by closely watching LinkedIn and the like.

Gimme $10 and ill tell you

@ganjaman pay(10);