Social engineering a method of fraud and hacking that utilizes the humanity and nature of people to retrieve information from them voluntarily. By playing into the nature of the person, hacking through technological means is sometimes not necessary. If one can fool a person into giving away information voluntarily, then creating a program or hack to retrieve that information involuntarily is no required. Furthermore, it can be much simpler and efficient to get information from someone through social engineering than it would ever be to steal that information via a computer program or password cracker.

This form of forcing users to disclose information must be done through some human means. The point of social engineering is to utilize the fallacies of human logic and biases to trick the target into revealing confidential information through various methods and tactics.

Tactics and Methods

There are various means of utilizing social engineering to obtain confidential and secret information such as passwords and private data. All of these methods work through some medium in which the attacker has to actually converse with the victim in some way, whether directly or indirectly. In all methods, feedback from the victim is required. This feedback is usually the necessary information the attacker was looking for.

Although social engineering tactics are heavily performed through electronic and computer mediums. There are many methods in which social engineering can be done through the physical realm.

=

Security, Precautions, and Defenses

Ethical and Legal Concerns

Study Guide

References

External Links

• Security Precautions (Old Project Page)

• Social Engineering (Wikipedia)

• Social Engineering Fundamentals

• Social Engineering Attacks

• Proactive Defense to Social Engineering

• Social Engineering FAQ

• Social Engineering Defense 101

• Best Defense Against Social Engineering

• Social Engineering Self-defense

• Social Engineering: Hackers show how it is done