A-Z Glossary of Information Security and Social Engineering Terms

Social Engineering

A collection of techniques that use human vulnerabilities to manipulate people into performing actions or divulging sensitive information. Many hackers have realised that instead of trying to penetrate technical defences, it is sometimes easier to use good old-fashioned manipulation techniques to install a trojan on a PC or find out a user’s password.

This might involve sending the target an email purporting to be from someone else (phishing) and using emotions, such as fear or a sense of urgency, to persuade them to reveal information or download a malicious file. Some of the biggest data breaches in history have used social engineering. For example, one of the world’s largest IT security companies, RSA, was hacked in 2011 when an employee opened a malware-laden Excel spreadsheet sent through email. With this one simple action, the unfortunate employee ended up compromising the company’s entire IT network, and RSA was forced to redistribute 40 million SecurID tokens (one of its flagship products) to its customers. Each year, thousands of computer users in Ireland get duped by emails purporting to be from the Revenue Commissioners, financial institutions, suppliers, and colleagues or friends who have had their own email accounts hijacked.

This has resulted in both financial and data losses due to systems being maliciously encrypted or wiped. Ironically, the users who claim immunity from such “obvious scams” are the very ones who get duped, as they often underestimate the sophistication of the techniques used. Social engineering continues to be a potent attack vector that sidesteps even the most robust technological defences.
