Beckers, K.; Schosser, D.; Pape, S. and Schaab, P.In Trust, Privacy and Security in Digital Business - 14th International Conference, TrustBus 2017, Lyon, France, August 30-31, 2017, Proceedings, pages 232-246, 2017, Revision 1, Table 7 was corrected, see https://link.springer.com/10.1007/978-3-319-64483-7_16.
Social engineering is the clever manipulation of the human tendency to trust to acquire information assets. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Traditional penetration testing approaches often focus on vulnerabilities in network or software systems. Few approaches even consider the exploitation of humans via social engineering. While the amount of social engineering attacks and the damage they cause rise every year, the defences against social engineering do not evolve accordingly. However, tools exist for social engineering intelligence gathering, which means the gathering of information about possible victims that can be used in an attack. We survey these tools and present an overview of their capabilities. We concluded that attackers have a wide range of intelligence gathering tools at their disposal, which increases the likelihood of future attacks and allows even non-technical skilled users to apply these tools.