Listen To This Article - A Short Ad Pays For This Service

Updated on by

SCARS™ Guide: Socially Engineered / Social Engineering Scams

You Have Probably Heard That Term “Social Engineering’ Before, But What Is It?

 

Social Engineering Is …

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.

It is a type of confidence trick (scam) for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.

The term “social engineering” as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught-on among scammers, computer and information security professionals.

Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software–that will give them access to your passwords and bank information as well as giving them control over your computer.

Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.  For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).

Security is all about knowing who and what to trust. It is important to know when and when not to take a person at their word and when the person you are communicating with is who they say they are. The same is true of online interactions and website usage: when do you trust that the website you are using is legitimate or is safe to provide your information?

Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows, or if have guard dogs, alarm systems, floodlights, fences with barbed wire, and armed security personnel; if you trust the person at the gate who says he is the pizza delivery guy and you let him in without first checking to see if he is legitimate you are completely exposed to whatever risk he represents.

Social Engineering Can Be Used For Good And Bad

As an attack vector, social engineering has been utilized in many different crime areas and cybercrime is no exception. In fact, many internet security companies continuously highlight the human factor as the weakest link in cybersecurity. Influencing people into acting against their own interest or the interest of an organization is often a simpler solution than resorting to malware or hacking.

Both law enforcement and the financial industry indicate that social engineering continues to enable attackers who lack the technical skills, motivation to use them or the resources to purchase or hire them. Additionally, targeted social engineering allows those technically gifted to orchestrate blended attacks bypassing both human and hardware or software lines of defense.

Key Threats Social Engineering Is Involved In: