Social Engineering
Social engineering is the art of manipulating people so they give up confidential information. It targets the weakest link in any security chain: the human being.
1 Hacking the Human
Why spend weeks trying to crack a complex password when you can just ask someone for it? Social engineers exploit human psychology—curiosity, fear, urgency, or helpfulness—to trick victims.
The Con Artist
They don't use code; they use confidence. They might pose as IT support, a CEO, or a delivery person.
Psychological Triggers
"Urgent: Your account will be deleted!" creates panic, causing victims to act without thinking.
2 Common Techniques
Phishing
Sending fraudulent emails that appear to come from a reputable source (e.g., your bank) to steal sensitive data like login info.
Vishing (Voice Phishing)
Using the telephone to scam the user into surrendering private information. "Hello, this is Microsoft Support..."
Pretexting
Creating a fabricated scenario (the pretext) to engage a victim. For example, pretending to be a surveyor and asking questions to obtain birth dates.
3 Defense
Stop. Look. Think.
The best defense is skepticism. Technical controls such as spam filters help, but they aren't perfect.
- Verify the sender's email address carefully.
- Never click links in unexpected emails.
- If it feels too urgent, it's likely a trap.
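The checks in this list can also be automated as a first-pass triage on reported mail. The following is an added example, not part of the original page: the brand table, the urgency word list, and both sample messages are constructed assumptions, and it handles plain-text bodies only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand a display name may claim -> domain that brand really sends from.
BRANDS = {"example bank": "bank.example"}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|will be deleted|suspended)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review(raw):
    """Return warning labels for one raw e-mail message with a plain-text body."""
    msg = message_from_string(raw)
    findings = []
    name = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    claimed = next((dom for brand, dom in BRANDS.items() if brand in name), None)
    # 1. Display name claims a brand, but the address is not on that brand's domain.
    if claimed and from_dom != claimed:
        findings.append("display-name-mismatch")
    # 2. Replies would go to a different domain than the visible sender.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs")
    # 3. Links whose host is neither the brand's domain nor a subdomain of it.
    body = msg.get_payload()
    hosts = [h.lower() for h in re.findall(r"https?://([^/\s:]+)", body)]
    if claimed and any(h != claimed and not h.endswith("." + claimed) for h in hosts):
        findings.append("link-off-brand")
    # 4. Pressure wording in the subject or body.
    if URGENCY.search(f"{msg.get('Subject', '')} {body}"):
        findings.append("urgency-language")
    return findings

# Constructed sample messages (not real mail); .example and .test are reserved names.
PHISH = """\
From: "Example Bank Security" <alerts@bank.example.verify-login.test>
Reply-To: help@mailbox.test
Subject: Urgent: Your account will be deleted!

Confirm your login within 24 hours: http://bank.example.verify-login.test/login
"""
LEGIT = """\
From: "Example Bank" <statements@bank.example>
Subject: Your monthly statement is ready

Sign in to the app as usual to view your statement.
"""

if __name__ == "__main__":
    print(review(PHISH), review(LEGIT))
```

The phishing sample puts the brand's domain at the front of a longer hostname, which is why the comparison is made against the end of the domain rather than with a substring match.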