Social+Engineering

=**Social Engineering**= = = Just what do we mean by this? What are its implications for people using social __media__?

"Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures." ([]) It's simply the act of tricking someone into sharing confidential or personal information, electronically or not. An electronic example of this is used by Virus writers, who trick people into running software or opening email attachments filled with malware, so they can gain access to a foreign computer/network. With human interaction, a social engineer may target a person to trick them into spilling confidential information or completing tasks for them There are a few techniques that Social Engineers use such as appearing familiar (not acting suspicious) to the victim or using resources to obtain information about their victim, such as **social media**.

- Kyla

Social engineering refers to tricking or scamming people for fraudulent purposes. Social engineering techniques are used by cyber criminals in order to trick people into performing actions which have an adverse impact for them. The potential adverse impacts vary but include any of the following: 1. Harms the security of their computers, for example by fooling people to click on web links or email attachments that install malware on their computer; The installation of the malware is, in turn, generally harmful to the interests of the computer users as it is often used to steal a range of personal information, passwords and other useful information for financial fraud. 2. Seeks to gain access to their online accounts by tricking users into disclosing their usernames and passwords, usually by pretending to be a trusted party. These accounts could be for personal use such as online bank accounts, email accounts, ISP access accounts, e-health records accounts, or social networking accounts, eBay or PayPay accounts; or they could be for business use such as online bank accounts, tax file agent accounts, staff accounts which include personal bank account information, domain name registrar accounts, web-hosting accounts, etc. 3. Seeks to steal money from people by fooling them into providing personal identifying information or financial information such as credit card details, bank account details or tax file numbers for the purposes of financial fraud. 4. Fooling people into sending money directly to the criminal under false pretences. The aim of such trickery is to get a potential victim to do something which benefits the criminal at the victim’s expense. Social engineering doesn’t have to involve computers or online communications but it often does.

[] Jono Social Engineering is when online criminals use sophisticated technology to get into your computer. Often they try to get you to ‘urgently’ install a program that is going to fix the computer virus that you don’t have. That is how they gain access to your system. This used to be called a ‘con’. A Social engineer will often be very helpful to gain the confidence of the user, who may then disclose security settings etc. Techniques that may be used are to appeal to vanity or authority. They may appeal to greed or even eavesdropping to get the information they need. They also rely on every changing technology and that people are careless about protecting their security on line (i.e. passwords etc). With our culture relying more and more on information technology social engineering it going to be the greatest threat the any secure IT system. To prevent this happening there are many things you can do. For one thing don’t trust anyone. If a website tells you that you have a virus then you most likely don’t. This is an example of someone being easily manipulated by not thinking about what they were doing. [] I know that most of this has already been explained but oh well. -Sam Harding