Step 1: The white hat hacker finds all the domain names a company uses and makes a list of all the active email addresses at the corporation. Then they start researching the people in the company: their LinkedIn, Facebook and Twitter accounts, as well as anything else they can find on the public web. They build a small personality profile on each person: what their passions are, where they live, how many children they have, names, pets, and whether they are going through a difficult time in life right now, any personal or financial tragedy.
Step 2: Understanding the organization’s infrastructure: what computer systems and software are used. This means looking at public resumes and job openings to see what kind of employees a company has and the expertise of its security team. Often companies advertise which software vendors they use, or the vendors themselves advertise their clients.
Step 3: Social engineering means calling a company pretending to be a business customer and asking for an antivirus recommendation. Or it might mean pretending to be a secretary who is trying to get some information. As opposed to evil hackers, the white hat hacker has been told by the company what data is vital to its business, so they know what to look for.
Step 4: The next step is gaining access. That can come in the form of a phishing attack, where a fraudulent email message carrying a benign-looking attachment opens the door to malware, software that can actually take over a computer.
Step 5: The last step is launching the attack on a Friday afternoon, when most of the office will be driving home for the weekend. Now they may find vast stores of critical information, but since this is part of a test, they stop as soon as they get access.