1.2. Overview of Social Engineering

What is social engineering?

I once asked this question to a group of security enthusiasts and I was shocked at the answers I received:

"Social engineering is lying to people to get information."

"Social engineering is being a good actor."

"Social engineering is knowing how to get stuff for free."

Wikipedia defines it as "the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim."

Although it has been given a bad name by the plethora of "free pizza," "free coffee," and "how to pick up chicks" sites, aspects of social engineering actually touch many parts of daily life.

Webster's Dictionary defines social as "of or pertaining to the life, welfare, and relations of human beings in a community." It also defines engineering as "the art or science of making practical application of the knowledge of pure sciences, as physics or chemistry, as in the construction of engines, bridges, buildings, mines, ships, and chemical plants or skillful or artful contrivance; maneuvering."

Combining those two definitions, you can easily see that social engineering is the art, or better yet, science, of skillfully maneuvering human beings to take action in some aspect of their lives. ...
