Social engineering refers to the art or set of methods used to manipulate individuals into disclosing sensitive knowledge (Peltier, 2006). In other words, it is a kind of confidence trick aimed at obtaining classified information, access to the system, or involvement in fraud. The kinds of information that social engineering offenders are after may differ. However, when criminals target individuals, they often attempt to trick people into sharing their bank details, passwords, or access to their computers. Their aim is to secretly install malicious software that will give them access to the users’ bank information and passwords, as well as control over such computers (Peltier, 2006).
Criminals make use of social engineering tactics because they find it easier to exploit people’s natural predisposition to trust than to find ways of hacking their software (Applegate, 2009). For instance, unless a password is very weak, it is easier for social engineering criminals to convince or fool people into giving up their password details than it is to crack those passwords.
One of the ways social engineering criminals launch attacks is by using emails from friends (Rocha Flores & Ekstedt, 2016). If the criminals manage to social engineer or hack an individual’s email, they gain access to that person’s contact list, and since many people use the same password to protect most of their information, the criminals will probably also have access to that individual’s social networking contacts. Once the criminals take control of the email account, they send emails to every contact or leave messages on the social pages of all of that person’s friends (Rocha Flores & Ekstedt, 2016).
Social engineering attacks can also occur in the form of phishing attempts, where a phisher sends an email, text message, or comment that appears to come from a legitimate source such as a bank, company, or learning institution (Peltier, 2006). Other social engineering attacks take the form of baiting. The criminals know that most people will take the bait if they dangle certain things that people need. Such baiting schemes are usually found on various peer-to-peer sites that offer different download options for things like music and video (Applegate, 2009). Individuals who take the bait may end up infected by malicious software capable of generating any number of new exploits against the users’ contacts. Besides, computer users may end up losing their money unknowingly (Applegate, 2009).
Social engineering may also arise in the form of a response to an irrelevant question. Social engineering criminals may sometimes pretend to be responding to one’s request for assistance from an institution or company while also offering more help (Peltier, 2006). The criminals usually pick agencies or companies used by many people, like banks or software companies. Individuals who do not use the services or products of such organizations or agencies may ignore the socially engineered messages, emails, or phone calls. However, those who happen to be using such products and services have a good chance of responding, since they probably need solutions to certain issues (Peltier, 2006). Even if they know they did not initially ask a question, they are likely to have some computer-related problems that they would like the service providers to fix for them for free. The moment one responds to such questions, he or she begins to trust the criminals, and eventually opens up to exploitation (Peltier, 2006).
Some social engineering techniques are all about causing distrust or conflict. Such acts are usually performed by individuals against people they know well (Rocha Flores & Ekstedt, 2016). Social distrust is also created by nasty individuals whose aim is to wreak havoc, or by extortionists whose aim is to manipulate information and then threaten people with its disclosure (Rocha Flores & Ekstedt, 2016). The malicious individuals who create social distrust may alter private or sensitive communications using various editing techniques and then forward the edited information to other people so as to create embarrassment, distrust, and drama. Alternatively, they may use the edited information to extract money from the supposed recipient or from the person they hacked (Rocha Flores & Ekstedt, 2016).
According to Peltier (2006), social engineering is a criminal act that benefits neither the individual nor society. The only beneficiaries of social engineering are the criminals themselves. However, knowing the various social engineering techniques has a broad range of positive impacts on both the individual and society. Knowledge of social engineering practices helps in preventing unauthorized access, stopping possible information and identity theft, preserving information systems’ integrity, and preventing the download of suspected or malicious software (Peltier, 2006). On the other hand, being uninformed about social engineering techniques has a broad range of negative impacts, including possible information and identity theft, data corruption, physical security threats, and unplanned system downtime (Applegate, 2009).
In conclusion, social engineering poses a significant threat to information security. The security of information is all about knowing what and whom to trust, as well as understanding when, and when not, to trust. People, therefore, need to remain cautious to avoid providing confidential information to unauthorized persons, who may exploit such information to their advantage.
Applegate, S. (2009). Social Engineering: Hacking the Wetware! Information Security Journal: A Global Perspective, 18(1), 40-46. http://dx.doi.org/10.1080/19393550802623214
Peltier, T. (2006). Social Engineering: Concepts and Solutions. Information Systems Security, 15(5), 13-21. http://dx.doi.org/10.1201/1086.1065898x/463188.8.131.5260901/95427.3
Rocha Flores, W., & Ekstedt, M. (2016). Shaping intention to resist social engineering through transformational leadership, information security culture, and awareness. Computers & Security, 59, 26-44. http://dx.doi.org/10.1016/j.cose.2016.01.004