What is social engineering?

Social engineering is the act of manipulating others to take specific actions or leak confidential information in the context of information security. It is similar to scamming or deception, so the term is often used to refer to fraud or scamming for the purpose of gathering information, defrauding and accessing computer systems, in most cases without face-to-face contact between the attacker and the victim. Although often given a bad name, social engineering actually touches on many aspects of life.

Wechsler's dictionary defines social as "of or relating to the life, welfare, and relations of a community" and engineering as "the art or science of making practical applications of pure sciences such as physics, chemistry, etc., as in the construction of engines, bridges, buildings, mines, ships, chemical plants, etc., mechanical control techniques, or elaborate inventions. "

Combining these two definitions, it is easy to see that social engineering is an art or better said, a science, which skillfully manipulates people to take certain actions in certain aspects of their lives. This definition extends the activities of social engineers to all aspects of life.

Children use social engineering to get what they want from their parents, teachers use social engineering to interact with their students, doctors, lawyers or psychologists use social engineering to get information from their patients and clients. And, of course, the judiciary uses it, too, when people are dating. In fact, everyone from infants to politicians uses social engineering in their interaction activities.

Thus, the definition of social engineering can be expanded to include the act of manipulating others to take a particular action, not necessarily in the best interest of the "target person," which results in obtaining information, gaining access, or getting the target to take a particular action.

Social engineering is largely misunderstood, leading to many different perspectives on how it is defined and how it works. Some simply see social engineering as lying to get free pizza or to con people out of their money; others categorize it as a tool for criminals or con artists; others classify it as a science, believing that its theories can be studied in different categories or mathematical formulas; and still others see it as a long-lost mystical art where mastery of social engineering allows practitioners to create powerful illusions of the mind like magicians.

Everyone uses social engineering methods every day in a variety of situations. Children use it to get candy, employees use it to get promotions. From the operations of large government departments to the marketing practices of small companies, social engineering is present in one way or another. But criminals and con artists also use social engineering for the purpose of stealing information from others and committing crimes. As with any tool, social engineering is not good or bad, it is simply a multi-purpose tool.