You are trying to break into a highly secure mainframe system at a bank. Conventional hacking doesn't work because of strong technical defenses. You aim to exploit the human element instead.
How would you proceed?
A. Look for zero-day exploits at underground hacker websites and buy them
B. Try to hang around local pubs or restaurants near the bank, get talking to a disgruntled employee, and offer them money for sensitive access
C. Launch a DDoS attack using thousands of zombies
D. Conduct a Man-in-the-Middle (MiTM) attack using DNS cache poisoning
This is a classic example of social engineering. When a system is well-secured technically, attackers often turn to exploiting human vulnerabilities — such as:
Talking to employees and gaining their trust
Bribing disgruntled or low-level staff
Gaining physical access or insider information through manipulation
From CEH v13 Courseware:
Module 7: Social Engineering
Incorrect Options:
A: Zero-days are rare and expensive; not always feasible.
C: DDoS is disruptive, not data-oriented.
D: MiTM is a complex network-based attack, unlikely to be effective against a hardened internal mainframe.
Reference:
CEH v13 Study Guide – Module 7: Psychological Approaches to Social Engineering
Kevin Mitnick’s “The Art of Deception” – Real-world examples of insider targeting