Social engineering is the use of psychological manipulation (taking advantage of human weakness) to gain access to something off-limits.
Story: Getting In The Door
In Little Red Riding Hood, the Big Bad Wolf gets into grandmother’s house by pretending to be her granddaughter. He then eats grandmother, waits for Little Red Riding Hood to arrive, and tries to dupe her as well (by wearing grandmother’s clothes).
This is social engineering – the wolf didn’t pick the lock, but talked grandmother into unlocking the door. Once in, he tries more deception (grandmother’s clothes) to achieve his next goal.
A few hundred years later, nothing has really changed.
Hackers often target human weakness because it’s easier to exploit than technological weakness – or at least an easier place to start. When it comes to security, humans are their own worst enemies.
Social engineering and system attacks are often a one-two punch: the hacker first steals a system password by duping a human, then uses that password to launch a more systemic and devastating software-based attack.
Social engineering can involve a range of techniques, from in-person schmoozing to phishing emails designed to deceive unsuspecting targets.
Of course, con artists, spies, flatterers and impersonators have been around forever.
What’s new now is how damaging social engineering attacks can be to businesses, governments, and society. Rather than just robbing a single bank or museum, cyber attackers can now gain access to entire banking systems and billions of dollars, or to software that controls critical infrastructure like utility grids or voting machines.
Not to mention that social engineering attacks can also be completely devastating to individuals (for example in cases of identity theft).
So: everyone should be on the lookout for social engineering attacks, in business and in life. Because you never know when it might actually be a wolf.