Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that is against typical policies. By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that “users are the weak link” in security and this principle is what makes social engineering possible. To meet Wikipedias quality standards, this article or section may require cleanup. ...

Examples of social engineering

A contemporary example of a social engineering attack is the use of e-mail attachments that contain malicious payloads (that, for instance, use the victim's machine to send massive quantities of spam). After earlier malicious e-mails led software vendors to disable automatic execution of e-mail attachments, users now have to explicitly activate attachments for this to occur. Many users, however, will blindly click on any attachments they receive, thus allowing the attack to work. Wikipedia does not yet have an article with this exact name. ... In cargo transport, the payload is the valuable contents of the vehicle. ... A KMail folder full of spam emails collected over a few days. ... An e-mail attachment (or email attachment) is a computer file which is sent along with an e-mail message. ...

Perhaps the simplest, but a still effective attack is tricking a user into thinking one is an administrator and requesting a password for various purposes. Users of Internet systems frequently receive messages that request password or credit card information in order to "set up their account" or "reactivate settings" or some other benign operation in what are called phishing attacks. Users of these systems must be warned early and frequently not to divulge sensitive information, passwords or otherwise, to people claiming to be administrators. In reality, administrators of computer systems rarely, if ever, need to know the user's password to perform administrative tasks. However, even this might not be necessary — in a 2003 Infosecurity survey, 90% of office workers gave away their password in exchange for a cheap pen. [1] Credit cards An array of various credit cards. ... This phishing attempt, disguised as an official email from a (fictional) bank, attempts to trick the banks members into giving away their account information by confirming it at the phishers linked website. ... A computer system is the synthesis of hardware and software. ... 2003 (MMIII) was a common year starting on Wednesday of the Gregorian calendar. ... Information security deals with several different trust aspects of information. ... A password is a form of secret authentication data that is used to control access to a resource. ... A ballpoint pen A pen is a writing instrument which applies ink to some surface. ...

Social engineering also applies to the act of face-to-face manipulation to gain physical access to computer systems.

Training users about security policies and ensuring that they are followed is the primary defense against social engineering.

One of the most famous social engineers in recent history is Kevin Mitnick. Kevin Mitnick Kevin David Mitnick (born August 6, 1963) is one of the most famous computer hackers. ...

Social engineering in popular culture

• In the film Hackers, the protagonist used a form of social engineering, where the main character accessed a TV networks control system by phoning the security guard for a modem number, posing as an important executive. Although the film is not highly accurate, the particular method demonstrates the power of Social engineering.
• A form of social engineering can frequently be found in the Online Internet Gaming community. Befriending a user with the intent of extorting account passwords and game serial numbers can give previously banned cheaters access to online play. Insecure personal password policies amongst gamers will often give the unscrupulous user access to gamer’s other types of account, eg: forum accounts or email accounts. Gamers should secure their accounts with strong passwords and never share their serial numbers or they may face sharing the server/forum bans that the hackers earn.

Hackers is a 1995 film that follows the misfortunes of the young hackers Dade Murphy (Crash Override/Zero Cool, played by Jonny Lee Miller), Kate Libby (Acid Burn, played by Angelina Jolie) and their friends. ... The protagonist or main character is the central figure of a story. ...

See also

• Pretexting
• Phishing
• Confidence trick

Pretexting is to pretend that you are someone who you are not, telling an untruth, or creating deception. ... This phishing attempt, disguised as an official email from a (fictional) bank, attempts to trick the banks members into giving away their account information by confirming it at the phishers linked website. ... A confidence trick, confidence game, also known as a con, scam, grift or flim flam, is an attempt to intentionally mislead a person or persons (known as the mark) usually with the goal of financial or other gain. ...

References

• John Leyden, April 18, 2003. Office workers give away passwords for a cheap pen. The Register. Retrieved 2004-09-09.
• Kevin D. Mitnick, William L. Simon, Steve Wozniak. The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons, 2002. ISBN 0471237124.
• SirRoss, January 20, 2005. A Guide to Social Engineering, Volume 1 A Guide to Social Engineering, Volume 2. Astalavista.

April 18 is the 108th day of the year in the Gregorian calendar (109th in leap years). ... 2003 (MMIII) was a common year starting on Wednesday of the Gregorian calendar. ... The Register (El Reg to its staff) is a British technology news website focusing on the computer industry. ... 2004 (MMIV) was a leap year starting on Thursday of the Gregorian calendar. ... September 9 is the 252nd day of the year (253rd in leap years). ... Kevin Mitnick Kevin David Mitnick (born August 6, 1963) is one of the most famous computer hackers. ... Steve Wozniak or Woz invented the Apple II, the computer that launched Apple. ... For album titles with the same name, see 2002 (album). ... January 20 is the 20th day of the year in the Gregorian calendar. ... 2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ... Astalavista is frequently used as a domainname for computer security and hacking related websites. ...

External links

• Social Engineering Fundamentals
• Social Engineering: A complete Article
• Social Engineering, the USB Way - Dark Reading (Jun 7th, 2006)