Social engineering is the non-technical cracking of information security (IS). It applies deception for the sole purpose of gathering information, committing fraud or gaining system access. A number of tactics may be used, including:
Social engineering was initially associated with the social sciences. However, the way it is used also makes it relevant to computer professionals, as it is a significant threat to any system's security.
Spear phishing is a common social engineering technique. For example, a phisher may send an email to addresses at a target company asking a user to verify security information. The email is made to appear legitimate and to come from the IT staff or senior management, and it warns of serious consequences if the requested information is not provided. As in a regular phishing attack, the victim clicks a link that leads to a site the hacker has set up to harvest the sensitive information, generally built with the look and feel of the real website. After obtaining the information, the hacker can access the company's network using a legitimate login.
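The spear-phishing message described above carries several signals a mail filter or analyst can check for: a display name claiming to be internal IT while the address is external, a Reply-To that differs from the sender, urgency language, and a link whose visible text shows the real domain while the href points at a look-alike host. The following is an added example (not code from Techopedia) that scores a constructed sample message on those indicators; the internal domain `example-corp.com`, the look-alike `examp1e-corp.com` and the message itself are all made up for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email) modelled on the scenario above.
SAMPLE_EMAIL = """\
From: "IT Security Team" <helpdesk@examp1e-corp.com>
Reply-To: verify@mail-verify.example.net
To: alice@example-corp.com
Subject: URGENT: verify your security information within 24 hours
Content-Type: text/html

<p>Your account will be suspended unless you verify your details.</p>
<p><a href="https://login.examp1e-corp.com/verify">https://login.example-corp.com/verify</a></p>
"""

INTERNAL_DOMAIN = "example-corp.com"  # assumed: the organisation's real domain
URGENCY_WORDS = ("urgent", "suspended", "immediately", "within 24 hours")
ANCHOR_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', re.IGNORECASE)

def _addr_domain(header_value):
    """Domain part of an address header such as 'Name <user@host>'."""
    return parseaddr(str(header_value))[1].rsplit("@", 1)[-1].lower()

def _url_host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def _is_internal(host):
    return host == INTERNAL_DOMAIN or host.endswith("." + INTERNAL_DOMAIN)

def phishing_indicators(raw):
    """Return the list of indicator names found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    sender = _addr_domain(msg["From"])
    if not _is_internal(sender):
        found.append("sender_external_domain")
    if msg["Reply-To"] and _addr_domain(msg["Reply-To"]) != sender:
        found.append("reply_to_mismatch")
    body = msg.get_content()
    text = ((msg["Subject"] or "") + " " + body).lower()
    if any(word in text for word in URGENCY_WORDS):
        found.append("urgency_language")
    for href, shown in ANCHOR_RE.findall(body):
        # Visible link text is itself a URL but on a different host than the href.
        if shown.strip().startswith("http") and _url_host(shown) != _url_host(href):
            found.append("link_text_host_mismatch")
        if not _is_internal(_url_host(href)):
            found.append("link_external_domain")
    return found
```

Any non-empty result is a reason to hold the message for review rather than deliver it; a legitimate internal notice with a plain `https://login.example-corp.com` link and no urgency wording returns an empty list.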
Dumpster diving refers to a literal search of an organization's garbage for information that can be used to access the company's network. Companies often discard sensitive information, including system manuals, which intruders use to access information systems. In some cases, intact hard drives that were never erased and still hold extremely sensitive information are discarded, allowing a dumpster diver to simply boot them up and read the data.
Social engineering is as dangerous and harmful as any technical attack. In fact, you could argue that social engineering is more serious than other threats, because humans remain vulnerable no matter how well the technology is configured. It is not that difficult to configure a firewall properly; it is very difficult to train new staff to recognize the dangers of social engineering exploits.