Infiltrating a physical building or information systems using non-technical means. Searching user desks for passwords on notes, lying to staff to gain entry into a system and eavesdropping are all examples of social engineering.
When an attacker uses his skills of communication to get what he wants. A "CON", lying, trickery, etc. Some examples: Dressing up like an A/C Technician or phone company worker and just walk around your facility like they know what they are doing. Social Engineering may include calling unsuspecting employees, posing as someone as another person in the company and getting them to divulge confidential information.
To talk, lie or play acting or verbal wordings to trick legitimate users for secrets of the systems such as the user lists, user passwords and network architecture.
Social Engineering are persuasive tactics used by a hacker to talk a user into providing information. The hacker then employs this against the user or the organization. This often involves faking a role of authority in order to gain access to data or passwords.
convincing a computer user to provide information, for example passwords, that makes gaining access to a computer or online account easy.
conning your way into acquiring information that you have no right to.
Term used among crackers for exploiting potential weaknesses in people to their advantage, for e.g. hoodwinking someone into giving out sensitive information such as passwords and usernames.
Tricks performed by malicious users offline to gain access to secure systems, for example impersonating a technical support agent.
Hackers may use "social engineering," a scheme using social techniques to obtain technical information required to access a system. A hacker may claim to be someone authorized to access the system such as an employee or a certain vendor or contractor. The hacker may then attempt to get a real employee to reveal user names or passwords, or even set up new computer accounts.
the process of gaining privileged information by skillful lying, usually over a telephone
term often used to describe the techniques virus writers and hackers utilize to trick computer users into revealing information or activating viruses
Social engineering is the art and science of getting people to comply to your wishes. It is not a way of mind control, it will not allow you to get people to perform tasks wildly outside of their normal behavior and it is far from foolproof. (From http://packetstormsecurity.nl/docs/social-engineering/aaatalk.html )
Techniques used to trick people into divulging protected information, taking action based on false information, or altering restrictions to secured access. Example: look-alike e-mails that trick people into providing their account ID and password.
The usual way of defeating security – talking someone into giving away secrets. Typically, someone will pretend to be a systems administrator and ask someone to reveal his or her password, for some spurious but plausible reason.
A cracker term for tricking users of a system to reveal passwords so that the cracker can gain entry to the system. A common technique is to contact users in chat or e-mail on a system, pretend that they are employees of the system performing security checks, and insist that the users give their password to prove who they are or their account will be closed. Such requests are never legitimate! Social engineering schemes can be quite ingenious and convincing and more subtle than the simple technique above. Never reveal a password or even give hints what it may be.
the practice of obtaining confidential information by manipulation; for example, people claiming to be administrators may trick computer users in to divulging sensitive information such as passwords.
An attack by an unauthorized person that is based on deceiving users or administrators at the target site.
Manipulating users into giving confidential data, by exploiting trust (i.e., criminal pretends to be your financial institution) or common behavior (i.e., clicking email links).
The act of conning someone into giving out personal information.
"Social Engineering uses very low cost and low technology means to overcome impediments posed by information security measures" (quote from reference below.) In other words, social engineering is the skill of bullshitting or tricking someone in order to get something that you want from them - for instance, a password or system access. A reference to a really wonderful paper ( Information Security Technology?...Don't Rely on It A Case Study in Social Engineering, by Winkler and Dealy) can be found in the papers page.
The practice of obtaining information by manipulation of users, administrators and other staff. A social engineer can use the telephone, internet or something as simple as a conversation to trick people into revealing information or getting them to do something against policy. Social engineers exploit the normal reaction of a person to trust another's word to gain access or information, rather than exploiting technical security holes. It is probably the most effective attack on any security or other type of system ever devised.
Term generally used in reference to a method used to compromise computer security. It specifically refers to various techniques to play on human emotion, training and other psychological factors to cause the target being "engineered" to act in a way that benefits the party attempting the engineering. An example is to get a person to click on a link that will install malicious software on the target computer a hacker might title the link "Funny story" or "Insert_famous_person_name_here caught nude". The Anna Kournikova virus was a classic example of social engineering in action. Users expecting to see a provocative graphic of the famous tennis star were instead treated to a nasty infection of their computer system with a viral worm.
A low-tech approach to fraud: talking someone into revealing information they shouldn't.
Techniques are used to obtain passwords, addresses, and other information that can be used to attack a computer system.
A computer criminal or vandal will use the easiest method to gain access to the desired data or machines. These methods may include pretending to be an employee who has forgotten a password, casually viewing passwords entered carelessly by authorized users, or by other means where the natural trust of people is taken advantage of. These methods work just as well inside or outside the enterprise. A disgruntled employee using the account of his office mate to gain inappropriate access to data after hours can be just as dangerous as the corporate spy or computer vandal.
An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user to attempt to gain access to systems illicitly.
Social Engineers trick their prey into revealing sensitive or confidential information. A Social Engineer disguised as a trusted individual might use the phone, e-mail, or even face-to-face conversation to try to get information.
Manipulating a social interaction so that your victim unwittingly divulges information or gives you access to a restricted area. Social engineering can range from rifling through a company's dustbins to posing as someone from technical support. Phishing is another term for social engineering.
In the context of computer security, social engineering refers to “con games†or related human interaction methods for obtaining information necessary to break into computer systems and networks. Examples include tricking a target into revealing his or her password, or looking over the targetâ€(tm)s shoulder.
The term social engineering has come to describe the act of winning the trust of individuals such as company employees to gain information which will be used to access computer systems. Typical social engineering techniques include using the telephone and posing as the employee of companies such as financial institutions or utilities, 'tailgating' employees into a corporate office through secure doors.
Social Engineering is the practice of misleading and misdirecting a person in such a way as to attain information through social interaction.
A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.
Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information.Mitnick, Kevin; KasperaviÄius, Alexis: "Certified Social Engineering Prevention Specialist Course Workbook.", page 4. Mitnick Security Publishing, 2004. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most (but not all) cases the attacker never comes face-to-face with the victim.
Social engineering is a concept in political science that refers to efforts to influence popular attitudes and social behavior on a large scale, whether by governments or private groups. In the political arena the counterpart of social engineering is political engineering.