Social Engineering – is the art of masquerading as a legitimate person, or the art of deception, used in the cyberspace in an effort or attempt to gain confidential, or unauthorized information, or to get someone in a relatively advantaged position to perform an action, that can be used by a malicious actor against a target, either an individual or an organization.
Social Engineering is in itself just a collection of words and/or actions, but can be used as a tool for cybercrime. In many cases, social engineering has been used in both good and bad, but is often inclined in the dark side (Blackhat hacking). On the bright side, social engineering has been used to advance internal preparedness of employees during Whitehat hacking engagements like Red-Teaming.
Often, employees or victims of social engineering end up unaware that they were just used as an accessory for cybercrime or internal tests, even after the fact. This is however relative to the type of social engineering one has been a victim of, as there are many;
- Phishing – entices users to click on malicious links in sites, chats, email attachments, etc.
- Whaling – advanced form of phishing that is custom to the target.
- Baiting – tricks victims into false promises upon revealing confidential information or performing malicious action.
- Tailgating/Piggybacking – tricking a legitimate employee by befriending them into a building or through a secured door.
- Smishing / SMS-phishing – uses SMS communication to trick victim into clicking attached links.
- Quid Pro Quo – malicious actor’s offers to help the victim with a desired service/action in exchange for their credentials.
- Pretexting – involves malicious actor masquerading as a person in power, who demands an action or information from a subordinate.
Wiki | thetqweb