Social Engineering

Computers are an incredible invention. You have to admire their colossal power to spawn an embarrassment of riches in the global labor market. There is no doubt in my mind that we would have long ago entered a very deep recession – no, that’s wrong; it probably would have been an overwhelming economic depression, the depth of which would have greatly exceeded the experience of the 1930’s – had it not been for the computers and the wired world.

Saturday, May 22, 2010

The above remarks about the prospect of an economic depression, and about the one of the 1930s, have absolutely nothing to do with the primary subject of this article.

However, I wanted to write something controversial early in this piece. That way, people who can’t be bothered to read to the end will have something to talk about before they head off in search of a headline about Tiger Woods or some other celebrity. But I digress.

Now, social engineering is certainly a term you almost never hear in day-to-day casual conversation.
To break it down for you (it is exceptionally unlikely that you already knew it), social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than breaking in with technical hacking techniques such as sniffing, cracking, and brute-forcing secured networks.

So basically it is an outside hacker’s use of psychological tricks on the legitimate users of a computer system in order to obtain the information he needs to gain access to that system: getting what he needs (for example, a password) from a person rather than breaking into the system with techniques like brute-forcing and cracking password-protected systems.

In reality, social engineering can be any or all of the things that involve an element of manipulating the human mind, depending on where you sit.

The one thing that everyone seems to agree upon is that social engineering is generally a hacker’s clever manipulation of the natural human tendency to trust.

The hacker’s goal is to obtain information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system.

I don’t know about you, but I find the possibility of someone breaking into a system without actually hacking it nothing short of extraordinary.

The basic goals of social engineering are the same as those of hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, or identity theft, or simply to disrupt the system or network.

Typical targets include telephone companies, big-name corporations and financial institutions, military and government agencies, and hospitals.

Finding good, real-life examples of social engineering attacks is difficult. Targeted organizations do not want to admit that they have been victimized (after all, admitting a fundamental security breach is not only embarrassing, it may end up damaging the organization’s reputation).

This is one of the reasons you rarely hear about social engineering.

As for why organizations are targeted through social engineering – well, it’s often an easier way to gain illicit access than many forms of technical hacking. Most big organizations’ networks are beefed up with firewalls and intrusion detectors that will give even the most skilled hacker one hell of a hard time breaking through undetected.

Social engineers do not just target organizations and big companies. Sometimes they target random individuals all over the world, taking advantage of the most unsuspecting among them.

The most common method used against individuals relies on the internet (you guessed right: it’s referred to as online social engineering).

On-Line (Internet) Social Engineering

The Internet is rich ground for social engineers looking to harvest passwords. The primary weakness is that many users reuse one simple password on every account: Yahoo, Facebook, Gmail, or whatever.

So once the hacker has one password, he or she can probably get into multiple accounts. One way in which hackers have been known to obtain passwords online is through phishing. Phishing is a cute name for a serious scam.

The thieves who run this type of con literally toss out bait and hope to catch a victim. The bait is usually an official-looking e-mail from the target’s bank, from some online giant like eBay or PayPal, or from a social networking site like Facebook or Hi5.

The e-mails inform the victim that an attempt was made to hack their account, and they must now log in and verify their personal information. A handy link to the login page is provided within the text of the e-mail.

But that’s where things get shady. You see, the link actually takes you to a look-alike web site complete with the company’s corporate logo and standard disclaimers.

Once you log in and enter your personal information, the thieves have everything they need to make a nasty meal out of your accounts. This is considered social engineering because it is based entirely on successfully manipulating the victim’s mind.
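The phishing e-mail described above works because the link's visible text and the page it actually opens are two different things. The following is an added example, not code from the original post: a small defender-side audit that pulls every link out of an HTML e-mail body and flags the tell-tale signs (visible text naming one site while the href goes to another, a `user@host` trick that hides the real host, a raw IP address, or a target that is simply not on a domain the claimed sender uses). The sample message, the expected-domain list and the `account-verify.example` / `secure-login.example` hosts are all constructed for the demonstration, and the "registrable domain" helper is a deliberate simplification (last two labels) rather than a Public Suffix List lookup.

```python
"""Flag phishing-style links in an HTML e-mail body (hypothetical check)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def registrable_domain(host):
    """Naive registrable domain: the last two labels. Good enough for the demo;
    a production check would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _domain_in_text(text):
    """Return a domain-looking token in the link's visible text, if any."""
    m = re.search(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", text.lower())
    return m.group(1) if m else None


def audit_links(html, expected_domains):
    """Return (href, reason) pairs for links that look like phishing bait.

    expected_domains: registrable domains the legitimate sender would link to.
    """
    expected = {d.lower() for d in expected_domains}
    findings = []
    for href, text in extract_links(html):
        parsed = urlparse(href)
        host = parsed.hostname or ""
        if parsed.scheme not in ("http", "https") or not host:
            findings.append((href, "non-web or hostless link"))
            continue
        if parsed.username is not None:
            # http://www.paypal.com@203.0.113.5/ : the real host is after the @
            findings.append((href, "userinfo before host hides the real destination"))
        try:
            ipaddress.ip_address(host)
            findings.append((href, "link points at a raw IP address"))
            continue
        except ValueError:
            pass  # an ordinary host name; keep checking it
        target = registrable_domain(host)
        shown = _domain_in_text(text)
        if shown and registrable_domain(shown) != target:
            findings.append((href, f"visible text says {shown} but link goes to {host}"))
        if target not in expected:
            findings.append((href, f"target domain {target} is not an expected sender domain"))
    return findings


# Constructed sample body in the style of the "verify your account" bait.
SAMPLE_HTML = """
<p>We detected an attempt to access your account. Please
<a href="https://paypal.com.account-verify.example/login">log in to PayPal</a>
to verify your details.</p>
<p>Or use <a href="http://www.paypal.com@203.0.113.5/paypal/">www.paypal.com</a>.</p>
<p>Alternative: <a href="https://secure-login.example/">https://www.paypal.com/</a></p>
<p>Questions? Visit <a href="https://www.paypal.com/help">www.paypal.com/help</a>.</p>
"""

if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_HTML, {"paypal.com"}):
        print(f"{reason}: {href}")
```

Only the genuine `www.paypal.com/help` link passes; the other three are flagged for one or more reasons. In a mail gateway the same logic would feed a score rather than a hard block, since legitimate mail also carries tracking-redirect links that fail the expected-domain test.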

Another common scenario among online social engineering schemes is e-mail scamming. This type of fraud is popularly known as the Nigerian e-mail scam, basically because it was mostly practiced by scammers in Nigeria.

But today’s scammers aren’t just from Nigeria; they can be from any country in the world. These inbox imposters might claim to be bank officials, lawyers, or heirs to a fortune.

In fact, they only really have one thing in common: they need you to foot the bill for some sort of advance fee, after which they’ll be happy to share millions of dollars with you.

Yes, you read that right. They expect you to either open a bank account or wire them hundreds of dollars to get the financial ball rolling.

This scam relies on the thief’s ability to forge a relationship with the victim and gain their trust. Good acting (and the promise of millions of dollars) has sucked in many victims over the years. Don’t fall for it!

Maybe you’ve received an e-mail informing you that you’ve won the International Lottery, and need to send in a processing fee before you can claim your millions. Don’t believe it.

This is just a new format for the same old scam. If these scams are allowed to progress, something inevitably throws a wrench in the works, requiring more money to be sent. Some unfortunate victims don’t realize they’ve been scammed until their accounts have been emptied.

Just ignore and delete any e-mails you receive that promise you big money for a small initial payment. These scams aren’t limited to e-mail; some savvy thieves have gone so far as to set up accounts on social networking sites where they can make more personal contact with their targets.

Some even manipulate their victims’ emotions by pleading for help, claiming they’re in a dire situation. If you play along, your real financial situation will be worse than their pretended one!

Now if you are like me, you don’t want something of that sort happening to you. The best way to combat social engineers is to be as much of a nitpicker as you can, always looking out for the slightest irregularity in the people who call us or e-mail us trying to convince us they are in fact who they claim to be.

A measure of paranoia is essential if you want to fight this effectively. Now you know: social engineering has nothing to do with pulleys and aerodynamics.

Ends