https://media.ccc.de/v/37c3-11721-soc... Everything you always wanted to know about social engineering but never had the time to ask. In this talk, I describe the history and subject of social engineering beyond the tech context and use relevant research to explain how, why and on whom it works. The modern technical challenges are explained as well as measures that can be taken against social engineering now or in the future - individually or in groups or organizations. Over different eras, social engineering has always excelled in criminal use. Professional con artists, tricksters and agents have successfully used social engineering for criminal enterprises, data collection or simply because it was fun. But social engineering is actually a very everyday phenomenon. Everyone is a skilled social engineer at least in their childhood. Some make it their profession, be it as a salesperson or red teamer. Because social engineering is, at its core, the art of persuading other people. Since the 1970s, psychological research has been intensively studying how other people can be persuaded and which methods are suitable for this. The central models and concepts such as the ELM model and various cognitive biases are presented, and the role they play in social engineering is practically illustrated. Some myths that are circulating about social engineering are described and clarified, and one or two fun facts that may not be known to everyone are discussed. The final part of the lecture is all about the largest area of ​​malicious social engineering that takes place online today. I will explain the basic classifications of social engineering in a practically relevant way using the latest research and show measures that really help - contrary to what some consultants like to sell. K4tana https://events.ccc.de/congress/2023/h... #37c3 #Science