What is Social Engineering ?
What is Social Engineering ?
Social Engineering is when you convince somebody you are someone you are not or convince them to give you information they wouldn't normally give you. Or just in general convince them to do anything you want them to. For a more in depth definition: http://www.google.com/search?hl=en&l...ng&btnG=Search
WTF the negs for...!?!??! If you're gonna neg somebody, at least post something so we know why the person got negged on a legit question.
anyways:
Social Engineering: Term used among crackers for exploiting weaknesses in people, rather than software--tricking someone into giving out information like passwords that will compromise system security.
A cracker term for tricking users of a system to reveal passwords so that the cracker can gain entry to the system. A common technique is to contact users in chat or e-mail on a system, pretend that they are employees of the system performing security checks, and insist that the users give their password to prove who they are or their account will be closed. Such requests are never legitimate! Social engineering schemes can be quite ingenious and convincing and more subtle than the simple technique above. Never reveal a password or even give hints what it may be.
An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user to attempt to gain illicit access to systems.
People have the habit of doing that to 'balance', and Cybr1d, what you posted was in my link :p No problem though, I should've quoted the correct definition anyways because some words have multiple definitions.
The answer is right here on AntiOnline as well. AntiOnline is a mirror for the Hacker Jargon Files.
Quote:
http://www.antionline.com/jargon/socialengineering.php
social engineering n.
Term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem. See also the tiger team story in the patch entry.
Taken from AO's "Fight Back" Section:
Quote:
This method isn't as romantic as it sounds. It basically involves the hacker lying to a user, in order for them to obtain information, in this case, your password. Here's one simple example of social engineering.
The phone rings:
You: Hello?
Hacker: Hi, this is Mike from Dial-Ups-USA.
You: Ah, you're the ones I get my Internet access through, right?
Hacker: Yeah. That's why I'm calling. Have you tried to access your e-mail today?
You: No, I've had a busy day, why?
Hacker: I know how those go. I've had a busy day too. We had a problem with our mail server. It crashed and all of the user accounts were deleted.
You: Oh, I guess you have been busy then. How long will my account be down?
Hacker: Well, hopefully within the next few minutes. I'm the lucky guy that got chosen to call all of our users and re-establish their accounts. Do you remember what your username is?
You: Username?
Hacker: Yes, that would be the part of your e-mail address that comes before the @ sign.
You: Oh, that would be 'John20' then.
Hacker: Ok, great. I'll add that in here right now.
You: Ok, thanks.
Hacker: What would you like your password to be?
You: Do I need to pick a new one, or can I use the same one that I used before?
Hacker: You can go ahead and use the same one as before.
You: Ok, make it 'YouGotMe' again. This way I won't have to try to remember a new one.
Hacker: Give me a minute to enter it.....Ok, you're all set. The account should be re-activated within the next 10 minutes or so.
You: Ok thanks, I appreciate that.
Hacker: No problem, have a nice day.
You: You too...
I can hear you saying it now. "I'd never fall for something like that." Hackers prey on one simple fact about the average user. If something seems "wrong" to a user, or "out of the ordinary", they almost ALWAYS assume it's because they aren't the expert: "Well, I'm not sure what he's talking about, but I don't know a lot about computers, so he must be right."
How do you protect yourself from this type of attack? Have self confidence, and use your common sense. If it walks like a hacker and talks like a hacker, it's probably a hacker.