What is Social Engineering?
“The only true way to reduce the effect of social engineering attacks is to know that they exist, to know how they are done, and to understand the thinking process and mentality of the people who would do such things. When you possess this knowledge and you understand how malicious hackers think, a light bulb goes off. That proverbial light will shine upon the once-darkened corners and enable you to clearly see the “bad guys” lurking there. When you see the way these attacks are used ahead of time, you can prepare your company and your personal affairs to ward them off.” – Paul Wilson
There is a misconception when it comes to security. There are individuals who think that if they spend vast amounts of money on the latest and greatest security systems and equipment, then they will be safe, but the reality is, no matter how sophisticated your security equipment and procedures may be, the most easily exploitable aspect is, and has always been, the human infrastructure. The skilled malicious social engineer is a weapon, nearly impossible to defend against.
When it comes to security there are two sides of the coin. From the inside, we look for a sense of comfort and assurance. From the outside, thieves, hackers, and vandals are looking for gaps. Most of us believe our homes or businesses are safe until one day, we find ourselves locked out, we find that there has been a breach. Suddenly, our perspective shifts and weaknesses are easily found.
The problem is that most of us are blinded to potential problems by our own confidence or our belief that strong locks, thick doors, a high-end security system and a security guard are more than enough to keep most people at bay. But no matter how secure a system is, there’s always a way to break through. Often, the human elements of the system are the easiest to manipulate and deceive. Creating emotions in the target, using influence, manipulation tactics, or causing feelings of trust are all methods used by the skilled social engineer.
The first step in becoming more secure is simply conceding that a system is vulnerable and can be compromised. On the contrary, by believing a breach is impossible, a blindfold is placed over your eyes.
Wikipedia defines social engineering as “the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.”
But social engineering does not have to occur in a malicious way. Often times, the best social engineers will leave their targets feeling better that they met them. Maybe a better, more simple way to define social engineering can simply be: The art and science of skillfully maneuvering human beings to take action in some aspect of their lives, and that can be for better or worse.
“Remember: those who build walls think differently than those who seek to go over, under, around or through them. If you think you can’t be conned, you’re just the person I’d like to meet.” – Paul Wilson