Which low-tech attack is effective in gaining unauthorized access to network systems?

The effective low-tech attack for gaining unauthorized access to network systems is social engineering. This method exploits human psychology rather than technical vulnerabilities, targeting individuals to divulge confidential information or access credentials. Social engineering attacks often involve deception, such as impersonating a trusted entity to trick a person into providing sensitive data, which can include usernames, passwords, or other authentication tokens.

With social engineering, attackers can manipulate individuals by exploiting their trust, curiosity, or fear. This can happen through various means, such as phone calls, emails, or even face-to-face interactions. As a result, strong awareness and training are essential to defend against these types of attacks since they leverage the human element rather than requiring sophisticated technology or methodologies.

Other options like sniffing and eavesdropping involve using technical tools to intercept data or communications, while shoulder surfing requires physical proximity to observe someone's screen or input devices. These methods are more reliant on technology or physical observation and do not exploit the vulnerabilities present in human interactions to the extent that social engineering does.