Chapter 4. An Introduction to Social Engineering Techniques

"We are never deceived; we deceive ourselves."

—Johann Wolfgang von Goethe

This chapter provides an introduction to social engineering. Because it is a huge topic, I can't begin to provide more than an overview. Social engineering (also variously referred to as hacking 'wetware' or, more bluntly, as lying and deception) means obtaining confidential or privileged information by manipulating legitimate sources or holders of that information. This usually involves access control information, such as passwords, or information on staff, company assets, etc. Taken further, social engineering can be used to cause people to do things that compromise security as a whole, such as physically granting you access to resources or premises you should not have. This always requires some degree of deception. Therefore, a lot of the techniques discussed in Chapter 3 would be considered by many to be social engineering.

NOTE

A lot of books cover social engineering in detail. I recommend Kevin Mitnick's Art of Deception (ISBN-13: 978-0764542800), published by Wiley.

However, while this chapter contains approaches useful in a face-to-face situation, they are just as applicable over the phone or via the Internet; indeed, social engineering is much easier (and safer) when performed in this way. Remember the following phrase: Identification without verification.

Considering the Ethics of Social Engineering

Computers don't care if they're abused, people (on the ...

Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.