What is Social Engineering?





Social engineering is the exploitation of quirks in the way our brains work to trick us into doing something we would otherwise not do.

Let me give you an example. Suppose that you live in an apartment complex that has a secure gate and everyone at that complex has been told, "Don't let strangers in. Don't hold the door for anyone." I could use a few techniques to get in there. For example, people respond to authority. I could dress up as a fireman and someone is probably going to let me into the building even though I obviously don't live there.

Similarly, I could use a sense of urgency. I could have a huge armload of packages, and just as someone is going through the door, I could say, "Hey, please hold the door." You'd have to be pretty rude to just slam the door in my face when my arms are full of packages.

Now, why is this important? Every day people use these techniques in email. We'll look at urgency first. How many times have you seen a notice like "Urgent notice from your bank, your account is blocked until we hear from you"? And it turns out that it's a phishing message. Similarly, people play the authority card very often. They will pose as your CEO, an executive, or your system administrator in order to get you to click, wire money, or do whatever it is the bad guy wants you to do.