As many of you know, social engineering can prove to be very effective. But a social engineering attack is only as good as the engineer. Every successful hack must be backed by reconnaissance, this even applies to social engineering. This type of reconnaissance is slightly different however, it isn't recon of the machine, but of the user. Recon for social engineering can be done thorough watching the user's activity, seeing what sites they visit, and if they exhibit certain kinds of behavior. These are some of the things we'll be discussing here.
For recon, we simply need to watch the user, and to look for signs of certain personality traits. For example, if we're watching a victim's web traffic through a MitM, we can gain a better understanding of the way that user thinks.
By understanding the user's behavior, we can build a better attack. For example, if a user exhibits erratic behavior, we'll need to build something more eye catching to attract their attention. The best thing to watch for when evaluating behavior is patterns. If you manage to identify enough patterns, you can get a good idea of a person's traits.
People are vulnerable, much like the systems they use. If you can identify a person's traits, you can build an attack optimized for them. By doing thorough reconnaissance and evaluating the user's behavior, you can find vulnerabilities in the person.
So, in summary, social engineering can be taken to the next level with the addition of some simple psychology. Learning more types of behaviors will increase your arsenal of exploits.
This is simply an introduction to a much larger topic, there are many different behavior types that have an array of ways to exploit them.
Thank you for reading!