Social engineering is fundamentally a low-tech attack method because it exploits human psychology, trust, and gullibility rather than complex technical vulnerabilities. The primary attack vector is the human element. Attackers manipulate individuals into divulging sensitive information or performing actions that compromise security. Classic examples, such as impersonation over the phone, pretexting, or tailgating to enter a secure facility, require minimal to no advanced technology, making it a quintessential low-tech way to gain unauthorized access.

B. Eavesdropping: While simple shoulder surfing is a low-tech form, eavesdropping in a modern cybersecurity context often implies technical interception of electronic or network communications, which is not low-tech.

C. Scanning: This is an inherently technical reconnaissance method that requires specific software tools (e.g., Nmap) to actively probe networks and systems for open ports, services, and vulnerabilities.

D. Sniffing: This is a technical method requiring specialized software (e.g., Wireshark) and hardware to passively capture, decode, and analyze data packets traversing a network.

1. Bishop

M. (2003). Computer Security: Art and Science. Addison-Wesley Professional. In Chapter 1

Section 1.2.3

"Methods of Attack

" the text distinguishes between attacks that exploit hardware or software and those that exploit human practices. Social engineering is presented as a primary example of the latter

non-technical category.

2. Pfleeger

C. P.

Pfleeger

S. L.

& Margulies

J. (2015). Security in Computing (5th ed.). Prentice Hall. Chapter 1

Section 1.3

"Methods of Defense

" discusses threats and categorizes social engineering as a non-computer-based attack that involves tricking or persuading an authorized user.

3. Stallings

W.

& Brown

L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson. Chapter 17

"Human Factors

" is dedicated to non-technical attacks

with Section 17.1

"Social Engineering

" defining it as a technique to trick people

contrasting it with purely technical hacking methods.

4. University of California

Berkeley. (2020). CS 161: Computer Security

Lecture 1: Introduction and Threat Models. The lecture notes differentiate between technical attacks on systems and attacks that target the human component

identifying social engineering as the key example of exploiting human fallibility. (Specific lecture materials available via course websites).