Social Engineering – part 1 what is social engineering


We all watched movies about computer hackers who spend tons of time and effort , who write thousands of lines of codes and scripts to hack a server or steal some information from an email account , we watched movies about criminals who break into banks with big guns and very sophisticated gear just to break into a vault . this is a complicated way and expensive to get what you want from the world , There is for sure a smarter way to achieve what you want .

What if you can get all what you need (steal what you want ) without all these complications , because you see , whatever secure the system is , whatever complicated the security measures of any system , it is still controlled by humans , and we all know humans are stupid . they are the weak point of any system , this is where social engineering emerged .

Social Engineering is defined as the process of deceiving people into giving away access or confidential information. Wikipedia defines it as: "is the act of manipulating people into performing actions or divulging confidential information. Whatever Secure the system is , even if is 100% secure , if you utilize social engineering right , you can consider it yours . Many consider social engineering to be the greatest risk to security. From a security standpoint, it is more a collection of tools and techniques that range from negotiation, sales, psychology and ethical hacking.

Who can benefit from social engineering ?

Social Engineers t can be broken down in many categories. They range from professional spies and hackers to sales persons and everyday people.

Categories of Social Engineers


Hackers can for sure use social engineering because lets face it the human weaknesses are far less easier to break and manipulate than network weaknesses . Many times hackers "win" when it comes to the battle because they are not limited by time or lack of motivation. Whereas the normal IT Director goes home at 5 or 6pm, the hacker will work 24 hours a day to accomplish his/her goal. After they have spent the time and due diligence to research every aspect of the target they can launch an all-out attack on the human infrastructure that can literally devastate a company in a matter of minutes. Obtaining personal information, password, remote user accounts and more the hacker will then use this information to launch a technology attack on the target.

Spies or Espionage

Spies from all around the world are taught different methods of "fooling" victims into believing they are someone or something they are not. In addition, to being taught the art of social engineering, many times spies will also build on credibility by knowing a little or even a lot about the business or government they are trying to SE.

Identity Thieves

Identity theft is the use information such as peoples names, bank account numbers, addresses, birth dates, and social security number without the owners knowledge. This can range from putting a uniform to impersonate someone or an elaborate scam involving DNS poisoning and phishing scams.

Scam Artists

Since the beginning of scams , Social engineering had been used to deceive the victims into believing things that are not true , and the reason that SE is used is simply because it works .

Sales People

Sales people are every where and arguably everyone is a salesman. These people have a product or a service that they want you to buy.They Employ SE to convince you into buying this product or service , for sure you have dealt with a Sales person yourself and you can understand what I mean .


Governments employ social engineering methods on a regular basis in efforts to sway public opinion to support government actions. This can be done in a structured basis by politicians or by government

A common social engineering method utilized by governments is influencing the use of language to alter public opinion. By dictating the words that are used to describe people or events, governments are able to frame discussions in a manner that is favorable to them.


· Terrorist vs Freedom Fighter

· War on Drugs vs Narcotics Enforcement

· Pro-Choice vs Pro-Abortion

· Torture vs Extreme Interrogation Tactics

· War vs Police Action

· Bomb vs Smart Bomb

Everyday People

Social engineering methods are utilized by many people on a regular basis. This is often done without direct intention by the person making use of the method; they are utilized simply because they are so effective.

Children utilize social engineering methods early on in life. They make use of multiple methods, with the most common focused on a parents desire to make the child happy.

Parents often focus on a child's desire for approval when employing social engineering methods. This is normally done through manipulating the child's desire to have the parents approval.

Social engineering methods are employed by most customer service areas at the first contact with the customer. A friendly, cheerful manner is often employed with the intent of the customer mirroring this behavior making them easier to interact with.

Doctors and philologists will need to utilize aspects of social engineering such as elicitation and observance to obtain useful information on their targets, or patients. The use of good questions and then prescribing treatments can also be a form of one of the aspects of social engineering.

1 comment: