What is social engineering?
We’re constantly hearing the term “Social Engineering” in relation to cybersecurity and cyber-attacks, but what is social engineering?
Lexico’s Oxford English dictionary defines it as:
The use of centralized planning in an attempt to manage social change and regulate the future development and behaviour of a society
(in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.Lexico
TechTarget’s Security Search defines it as:
… an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or for financial gain.TechTarget Search Security
I particularly like
First documented account of social engineering?
Perhaps the first recorded account of social engineering is in the Hebraic creation story, where Adam and Eve were told by God not to eat the fruit of a certain tree. The devil, in the guise of a snake, persuaded Eve to eat the fruit, and then used her to get Adam to also eat the fruit. Read the full story in Genesis chapter 3 of the bible.
The snake starts by questioning what God said to Eve, raising doubt in her mind. It then told a bold lie – the opposite of what Eve had been told. Finally, it twisted the truth, appealing to Eve’s fear of missing out
Eve in the garden of Eden
- Did God really say…
- You will not die
- You will be like God
- Missing out on something good
Another famous example, this time from Greek Myth, is the story of the Trojan Horse
- Odysseus built a wooden horse
- Persuaded the Trojans that it was a gift from Athena
- Actually contained soldiers
- Taken into Troy where the soldiers then attacked
Which is where we get the concept of Trojan software from.
In future blog posts, I will look at different types of social engineering attacks, why we are vulnerable to them and some ways we can detect and prevent them. Next up “What is phishing?“
Do you want to learn more?
Network Midlands runs seminars to help people detect and defeat social engineering attacks. Find out more at “The Art of Deception“.