Social Engineering

Jump to: navigation, search

Social Engineering Social engineering denotes the discipline, art, and profession of acquiring and applying social, psychological, corporate, and behavioral knowledge to gain information, increase one's influence over others, better the chances of acquiring further information, and manipulate people and their (local) social environment. Social engineering usually involves some form of deception, and is most often goal oriented. A social engineering project often terminates with the engineer gaining access to information that is supposed to be secured by computer systems; social engineers manipulate people into releasing the information (often by mistake), and the use of people separates social engineering from other forms of hacking (e.g. Courses/Computer Science/CPSC 601.29.ISSA ; Protecting Against Heap-Based Buffer Overflows); the mundane faceless-nameless methods of social engineering separates social engineers from con artists.

To give a brief introduction to social engineering I will present the malicious side of social engineering: deception. However, I would like to note Dale Carnegie's How to Win Friends and Influence People gives a positive view of manipulating people.

Seminally, we have Kevin Mitnick's Social Engineering: The Art of Deception

In academia, there are three major areas of social engineering research: 1) analyzing and categorizing social engineering methods, 2) social psychology, and in particular, deception, and 3) safeguarding against social engineering attacks. We focus on the psychological factors that make social engineering attacks effective and methods to reduce the success rate of social engineering attacks. We list the papers here.

Deception in social psychology

Defending from social engineers

Here is my current draft. [1]

BTW, if anyone actually knows how to make a wiki page, please offer me assistance. I haven't the foggiest what I am doing.

Author Jonathan Gallagher [2]