Social Engineering

View our 2018 and 2019 listing of information security (infosec) / cyber security training courses, events and conferences from around the world that are associated with Social Engineering.

Social engineering is the non-technical cracking of information security (IS). It applies deception for the sole purpose of gathering information, committing fraud or gaining system access. A number of tactics may be used, including:

  • Taking advantage of human kindness
  • Searching for sensitive data outside of a computer, like looking inside a dumpster
  • Obtaining computer passwords via covert methods

Social engineering was initially associated with the social sciences. However, the way it is used also makes it relevant to computer professionals, as it is a significant threat to any system’s security.

Spear phishing is a common social engineering technique. For example, a phisher may send an email to addresses at a target company asking a user to verify security information. The email is made to appear legitimate, as if sent by the IT staff or senior management, and carries a warning of major consequences if the required information is not provided. As with a regular phishing attack, the victim clicks a link that goes to a site the hacker has set up to gather the sensitive information, generally with the look and feel of the real website. After obtaining the information, the hacker can access the company’s network by using a legitimate login.