Security Through Education

A free learning resource from Social-Engineer, Inc


The Social Engineering Framework

The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. Please use the index below to find a topic that interests you.

  • General Discussion
  • Information Gathering
  • Psychological Principles
  • Influencing Others
  • Attack Vectors
  • Social Engineering Tools

General Discussion

  • Social Engineering Code of Ethics
  • Social Engineering Defined
  • Categories of Social Engineers
    • Hackers
    • Penetration Testers
    • Spies and Espionage
    • Identity Thieves
    • Disgruntled Employees
    • Information Brokers
    • Scam Artists
    • Executive Recruiters
    • Sales People
    • Governments
    • Everyday People
  • Why Attackers Might Use Social Engineering
  • Typical Goals
  • Common Attacks
    • Customer Service
    • Delivery Person
    • Phone
    • Tech Support
  • Real World Examples
    • Con Man
    • Crime Victim
    • Phishing
    • Politicians

Social Engineering Defined

How is social engineering defined? We define social engineering this way: “Any act that influences a person to take an action that may or may not be in their best interest.” Our primary focus in this framework is malicious social engineering. However, both positive and malicious aspects of social engineering implement the same principles. With this in mind, it is also important to understand the psychological, physiological, and technological aspects of influence in general.

Top Methods of Malicious Social Engineering Defined

The top four methodologies of malicious social engineering are:

  1. Phishing: The practice of sending emails that appear to be from reputable sources with the goal of influencing or gaining personal information.
  2. Vishing: The practice of eliciting information or attempting to influence action via the telephone, which may include such tools as phone spoofing. The goal of vishing is to obtain valuable information that could contribute to the direct compromise of an organization.
  3. Impersonation: The practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.
  4. SMiShing: The act of using mobile phone text messages (SMS) to influence victims into immediate action. These actions may include downloading mobile malware, visiting a malicious website, or calling a fraudulent phone number.

Malicious social engineering is one of the greatest risks to information security. In fact, according to Verizon’s 2020 Data Breach Investigations Report (DBIR), of the 3,950 confirmed data breaches, 22% included social attacks. In a social attack, criminals target emotions such as fear, urgency, or obedience to influence decision making. Additional social engineering statistics can also be found on our infographic.

Categories of Social Engineers

Social engineering and those who use it can be broken down into many categories. In the General Discussion section of this Framework we explore 11 categories. These range from professional pentesters, hackers, spies, and cyber criminals to everyday people such as children, doctors, salespeople, and parents.

What to Expect

The pages in this Framework will help you clearly understand how criminals use malicious social engineering. Additionally, you will see how to use social engineering in a positive way: for instance, to develop and enhance communication skills and relationships, as well as to increase your own understanding of those with whom you interact.

Copyright © 2021 Social Engineer, Inc • All Rights Reserved