Social engineering is a term for manipulating and deceiving people, usually for the purpose of obtaining information or insight into a system. Its aim is to create the impression that the situation is different from what it actually is. Social engineering is the simplest form of attack on information security, and it is highly successful. The attacker bypasses security technology and uses a variety of tricks, deceits and manipulation techniques to deceive the victim into handing over the required information themselves. Social engineering has its roots in classic real-world frauds (fake cop, fake toll charges for electricity, etc.), and its methods are as follows:
- Impersonating someone else
- Creating a stressful or dangerous situation (one that needs to be dealt with quickly)
- Inducing trust
- Offering something attractive or profitable (a lottery win, sexual content)
- Inducing curiosity

Social engineering in practice: In most cases of social engineering, the attacker does not come into personal contact with the victim. The contact is made via phone or e-mail. Large organizations, where people do not know each other personally, are often attacked (the attacker impersonates technical support, a handyman, etc.). Social engineering attacks are best prevented by properly trained personnel and compliance. Technology plays only a marginal and complementary role.