Executive brief on how PCI DSS 4.0 affects offensive security practices, penetration testing, and segmentation testing. Watch Now

How Does Social Engineering Work? From Planning to Execution

Join our webcast as we navigate the complex terrain of social engineering, offering insights into its various stages from planning to execution, common phishing techniques, and the necessity of ongoing vigilance and proactive strategies to combat this pervasive issue.

In our technologically advanced society, social engineering poses a significant and growing threat. On average, organizations experience 700 social engineering attacks each year. Our comprehensive webcast will guide you through the intricate labyrinth of social engineering, demystifying its multifaceted stages from the initial planning to the final execution. Understand that social engineering is not merely an industry jargon but a pervasive reality that impacts us all, frequently unbeknownst to us.

Join our session to hear Dardan Prebreza, Senior Security Consultant, explore:

  • What social engineering is, including the most common phishing methods that are using to social engineer humans
  • How planning, OSINT, and profiling is conducted
  • Tools used for email-based phishing, smishing (SMS phishing) and vishing (voice phishing)
  • Innovative techniques that our Red Team has been deploying in recent months

With social engineering and phishing techniques evolving at a rapid pace, it's challenging to stay abreast of the latest tactics used by threat actors. That’s why organizations should view social engineering not as a one-off activity, but as a continuous process requiring constant vigilance and proactive strategies. Join us to stay updated and strengthen your defenses against social engineering attacks.


Session Summary

In this eye-opening webcast, Bishop Fox Senior Security Consultant Dardan Prebreza provides a deep dive into the world of social engineering—a threat vector that impacts organizations with approximately 700 attacks annually. Moving beyond simplistic explanations of phishing, Prebreza methodically breaks down the sophisticated attack chain that modern social engineers follow, from initial planning through execution and exploitation.

The session begins by establishing a foundational understanding of social engineering as a psychological manipulation technique rather than a purely technical attack, exploring how attackers leverage human cognitive biases and emotional responses to circumvent security controls. Prebreza then examines the critical reconnaissance phase, demonstrating how attackers use open-source intelligence (OSINT) and profiling techniques to gather organizational information, identify targets, and craft highly convincing pretexts.

The presentation showcases real-world tools and techniques used in various attack vectors, including email-based phishing, smishing (SMS phishing), and vishing (voice phishing), with particular attention to innovative approaches recently deployed by Bishop Fox's Red Team. Throughout the session, Prebreza emphasizes that social engineering has evolved far beyond obvious scam emails to become a sophisticated, multi-channel threat requiring continuous vigilance. The webcast concludes with practical guidance on developing a comprehensive defense strategy that combines technical controls, security awareness, and procedural safeguards to strengthen the human element of security.

Key Takeaways

  1. Social engineering attacks follow a sophisticated methodology - Modern attacks involve extensive planning, reconnaissance, and psychological manipulation rather than simple mass-phishing attempts.
  2. OSINT provides attackers with powerful intelligence - Social engineers leverage publicly available information from company websites, social media, and professional networks to craft highly targeted and convincing scenarios.
  3. Multi-channel approaches increase effectiveness - Today's sophisticated attacks combine multiple communication channels (email, text, phone) to establish credibility and overcome skepticism.
  4. Psychological triggers remain consistent - Despite technological advances, social engineers continue to exploit fundamental human responses to authority, urgency, curiosity, and reciprocity.
  5. Technical tools have democratized attack capabilities - Modern frameworks and automation tools have lowered the technical barrier to sophisticated social engineering, making these attacks more accessible to a wider range of threat actors.
  6. Continuous adaptation is essential for defense - Organizations must view social engineering defense as an ongoing process rather than a one-time training initiative, constantly evolving to address emerging tactics.

Who Should Watch

This session is essential for:

  • Security awareness program managers seeking to improve training effectiveness
  • Risk management professionals responsible for assessing human-focused threats
  • Security operations teams who need to recognize social engineering indicators
  • Executives and managers who serve as high-value targets for attackers
  • IT security professionals implementing technical controls against phishing
  • Compliance officers concerned with human factors in security requirements

Anyone interested in understanding how attackers exploit human psychology to bypass security controls will benefit from this comprehensive exploration of modern social engineering tactics.

Darden BF Headshot

About the speaker, Dardan Prebreza

Senior Security Consultant

Dardan Prebreza (OSCP) is a Bishop Fox Senior Security Consultant alumnus. In this role, Dardan focused on red teaming, internal and external network penetration testing, as well as, web and cloud penetration testing.

Prior to joining Bishop Fox, Dardan was a consultant at Ernst & Young Belgium, part of the Ernst & Young Advanced Security Center. Dardan's responsibilities included performing penetration testing for the financial sector.

More by Dardan

Extend Your Knowledge

Check out these related resources.

Webcast title with speakers' headshot: Combatting Adversaries: Proactive Social Engineering & Network Testing.
Virtual Session

Combatting Adversaries: Proactive Social Engineering & Network Testing

Join us for a fireside chat that illuminates the importance of proactive social engineering defense and the key role of internal network testing in orchestrating a successful counteroffensive against cyberattacks.

Learn More
Red Teaming webcast title with headshot of speaker, Trevin Edgeworth, Red Team Practice Director.
Virtual Session

Red Teaming: The Essential Tool for Security Leaders

Join Trevin Edgeworth, Red Team Practice Director at Bishop Fox, as he sheds light on why Red Teaming has become the ultimate "sanity check" for security team leaders.

Learn More
Cover pages of the Bishop Fox social engineering datasheet.
Datasheet

Social Engineering Datasheet

Learn how social engineering goes beyond conventional phishing exercises to explore the depths of how adversaries can exploit your users, empowering you with insights to improve your security awareness program and related controls like email and file security.
Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.