CompTIA Security+ – Chapter 4 Summary

Social Engineering


The first question that needs to be answered in this chapter is what IS social engineering? Social engineering can best be defined as the practice of manipulating people, through a variety of strategies, to get them to accomplish a desired action. It can be stated in layman's terms as: "Makes the target take an action they otherwise wouldn't have." Social engineering is usually seen alongside phishing attempts before password attacks occur.

Key Principles of Social Engineering

Every social engineer relies on two things: human reaction and human response, and thus every principle of social engineering will try to stir and guide the human response. When it comes to the principles themselves, there are seven broad principles: Authority Based, Intimidation Based, Consensus Based, Scarcity Based, Familiarity Based, Trust Based, and Urgency Based.

The principle of authority based social engineering relies on the fact that most people will obey someone who presents themselves as being in charge or knowledgeable. It can be especially effective when targeted at new employees.

The principle of intimidation based social engineering relies on bullying or even scaring a target into taking a desired action. Targets will often describe themselves as feeling threatened into doing what the social engineer wanted them to do.

The principle of consensus based social engineering relies on the fact that people tend to want to do what others are already doing. This is also sometimes called social proof social engineering.

The principle of scarcity based social engineering relies on the fact that something looks more desirable when it is in short supply. This can make people forget obvious security procedures.

The principle of familiarity based social engineering relies on the individual knowing the social engineer or the group the social engineer is claiming to be from. It will make the target feel as if everything they are doing is normal and as it should be.