Social Engineering: The Art of Manipulation
In the context of security management, social engineering is the act of manipulating people into divulging private or confidential information.
It commonly involves enticing people to sign up to a website, whether for free goods or because of peer pressure. This is how social media and ‘something for nothing’ websites work, even though the intention is not necessarily to defraud.
Other examples of social engineering include:
Pretexting, where the fraudster assumes the role of a person who would have a legitimate right to ask personal questions in order to extract confidential information from the victim, and the related phishing, which is generally done via email, are examples of social engineering where the intention is to defraud.
The fraudster commonly assumes the role of a bank or other organisation to extract confidential information. Extracting such information by phone, including through interactive voice recognition software, is known as phone phishing or vishing.
The physical interception of goods (diversion theft), phone interception and electronic interception of information can all involve multiple forms of deception. For instance, electronic interception of information might involve baiting, where a ‘lost disc’ is read by the curious finder. The finder gets more than he or she bargained for, because the disc contains software that creates a backdoor through which the fraudster who ‘lost’ the disc can access the computer network.
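As an added illustration from the defender's side (example code written for this page, not part of the original text), the following Python script applies simple triage heuristics to an e-mail for the pretexting and phishing pattern described above: a sender presenting itself as a bank from a domain the bank does not use, a Reply-To that routes answers elsewhere, urgency wording, and look-alike link domains. The brand name ‘examplebank’ and its domain allowlist are assumed placeholders, and both sample messages are constructed.

```python
"""Heuristic triage of e-mails for the pretexting/phishing pattern described
above. Added example, not from the original page. The brand 'examplebank' and
its domain allowlist are assumed placeholders; both sample messages below are
constructed for the demonstration."""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Assumed allowlist: domains the impersonated organisation really sends from.
KNOWN_BRAND_DOMAINS = {"examplebank": {"examplebank.com"}}

# Wording typical of lures that press the recipient to act or hand over secrets.
URGENCY_TERMS = re.compile(
    r"\b(verify your account|suspended|confirm your (?:password|pin)|"
    r"immediately|within 24 hours|unusual activity)\b",
    re.IGNORECASE,
)
URL_HOST = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _body_text(msg: Message) -> str:
    """Concatenate the text/plain parts (or the single body) of a message."""
    if msg.is_multipart():
        return "\n".join(
            str(part.get_payload()) for part in msg.walk()
            if part.get_content_type() == "text/plain"
        )
    return str(msg.get_payload())


def analyse_message(raw: str) -> dict:
    """Return the pretexting indicators found in a raw RFC 822 message.

    The score is a plain count of distinct indicators; a production filter
    would weight and tune them, but the count is enough to show the idea.
    """
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = _domain(from_addr), _domain(reply_addr)
    local_part = from_addr.split("@", 1)[0].lower()
    text = f"{msg.get('Subject', '')}\n{_body_text(msg)}"
    hosts = {h.lower() for h in URL_HOST.findall(text)}

    indicators = set()
    for brand, allowed in KNOWN_BRAND_DOMAINS.items():
        # Sender presents itself as the brand (display name, mailbox or domain)
        # while the actual sending domain is not one the brand uses.
        claims_brand = (brand in display.lower() or brand in local_part
                        or brand in from_dom)
        if claims_brand and from_dom not in allowed:
            indicators.add("brand_impersonation")
        # Links whose host borrows the brand name but is not an allowed domain.
        if any(brand in h and h not in allowed for h in hosts):
            indicators.add("lookalike_link_domain")
    # Replies silently routed to a domain other than the one shown as sender.
    if reply_dom and reply_dom != from_dom:
        indicators.add("reply_to_mismatch")
    if URGENCY_TERMS.search(text):
        indicators.add("urgency_language")

    score = len(indicators)
    return {"indicators": sorted(indicators), "score": score,
            "verdict": "suspicious" if score >= 2 else "likely benign"}


# Constructed sample: bank pretext showing several tell-tale signs at once.
PHISHING_SAMPLE = """From: "ExampleBank Security" <alerts@examplebank-secure.com>
Reply-To: support@mail-verify.example.net
Subject: Unusual activity on your account
Content-Type: text/plain

We detected unusual activity. Verify your account immediately at
https://examplebank-secure.com/login or it will be suspended.
"""

# Constructed sample: a routine notice sent from the genuine domain.
LEGITIMATE_SAMPLE = """From: "ExampleBank" <statements@examplebank.com>
Subject: Your monthly statement is available
Content-Type: text/plain

Your statement is ready. Sign in at https://examplebank.com/statements to view it.
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE),
                         ("legitimate", LEGITIMATE_SAMPLE)):
        print(name, analyse_message(sample))
```

Run stand-alone, the script reports four indicators for the constructed lure and none for the routine notice. The point of the allowlist design is that a pretext usually has to borrow the organisation's name somewhere (display name, mailbox, sending domain or link host) while the infrastructure behind it cannot be the organisation's own; checking the claimed identity against the domains that identity actually uses catches the mismatch regardless of how polished the wording is.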