In the computer world, social engineering can be described as tricking someone into doing something, often detrimental, to themselves or others. Social engineering is one of the most common forms of hacking because it is so often successful. It’s often the most frustrating for the defender because it cannot be prevented using technology alone.
Social engineering can be accomplished many ways, including over a computer, using a phone call, in‐person, or using traditional postal mail. There are so many ways and varieties of social engineering that any list purporting to catalog all the ways is going to missing some of the methods. When social engineering originates on the computer, it’s usually done using email or over the web (although it has also been done using instant messaging and just about every other computer program type).
A common social engineering target is to capture a user’s logon credentials, using what is called phishing. Phishing emails or web sites attempt to trick the user into supplying their legitimate logon credentials by posing as a legitimate web site or administrator that the end‐user is familiar with. The most common phishing ploy is to send an email purporting to be from a web site administrator claiming that the user’s password must be verified or else their access to the site will be cut off.
Spearphishing is a type of phishing attempt that is particularly targeted against a specific person ...