Social Engineering is the art of deceiving or manipulating a person to engage in an activity which may or may not be in the best interest of that person. Social engineering encompasses activities such as obtaining the information of someone else deceitfully, gaining access to the computers of other people without their consent and getting a person to fraudulently engage in activities which they could not have engaged in ordinarily (Hagnagy 9-10).
Further, social engineering does not consist of merely one action. On the contrary, social engineering entails a multiplicity of skills fitted into a particular framework which when applied collectively give rise to particular actions. The art of social engineering can be used to confer a benefit or to harm the target. Social Engineering can both be beneficial or harmful (Mann 15-22).
One way through which social engineering can be used to attack is through internet phishing. A phishing attack is a form of social engineering where an attacker sends an email address or redirects his target to a website requiring them to provide personal information. The attacker poses as a trustworthy source and as such the target might not be suspicious. An example of social engineering attack by way of phishing which has led to massive losses is by way of fraudulent online lotteries.
According to the United States Computer Emergency Readiness Team, for one to ward off social engineer attacks you need to be mindful of the following. For one, it is paramount to never provide personal information to a person or website unless one is confident about the identity of the recipient. Secondly, never divulge financial information via email. Thirdly, before dispatching any sensitive information via the internet, it is critical to ascertain the website’s security and always scrutinize thoroughly the URL of a site before visiting the site. Finally, one should ensure you install protective tools and features such as firewalls, email filters, and antivirus software.
A good example is the El Gordo lottery scam which came into being in the year 2005 and has been continuing to date. The crafty scammers managed to successful persuade their targets that they had won millions in the El Gordo Spanish Lottery. The targets were lured into sending a fee which was a prerequisite for the award to be processed and forwarded to the winners. Recipients were also required to provide personal details, bank account numbers, and signatures. The scammers tricked the targets into believing that the details would be used to wire the cash award directly into their accounts. The victims lost a lot of money as their bank account details were used to transfer funds from their accounts.
Works Cited
Hadnagy, Christopher. Social Engineering: The Art of Human Hacking. Indiana: Wiley
PublishingIncorporation, 2010.
Mann, Ian. Hacking the Human: Social Engineering Techniques and Security Countermeasures.
Hampshire: Gower Publishing, 2012.
United States Computer Emergency Readiness Team. Security: Avoiding Social Engineering and
Phishing Attacks. Available at: https://www.us-cert.gov/ncas/tips/ST04-014