Social Engineering Defined
From Learn to be a true Social Engineer
Social engineering is defined as the process of deceiving people into giving away access or confidential information. Wikipedia defines it as "the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim."[1] Although it has been given a bad name by the plethora of "free pizza", "free coffee", and "how to pick up chicks" sites, aspects of social engineering actually touch on many parts of daily life. Many consider social engineering to be the greatest risk to security.[2]
From a security standpoint, it is more a collection of tools and techniques that range from negotiation and sales to psychology and ethical hacking. While social engineering can include physical security, this framework focuses on the art of manipulating people to achieve a goal. Generally, this goal will involve showing a company or organization where weaknesses may lie in the training of their people to maintain a security-focused mind.
As you will see reading through this framework, the principles can be used in developing and enhancing communications, relationships and our own understanding of those we interact with.
References
- [1] http://en.wikipedia.org/wiki/Social_engineering_(security)
- [2] http://www.social-engineer.org/wiki/archives/SEDefined/SEDefined-GreatestRisk.htm