Social Engineering

The Merriam Webster dictionary defines Social Engineering as social methods (such as phishing) that are used to obtain personal or confidential information which can then be used illicitly. That is, Social Engineering is when attackers search for or solicit information from a person to use it for illegal purposes (such as stealing money) or further security attacks (accessing one's accounts).

Social Engineering attacks are increasing in our well-connected world, so discussing them in an information security course is a must.

For example, social media websites such as Facebook are used by attackers to collect information about people, which in turn can be used in their attacks, or can be used to initiate attacks. Moreover, many of the images posted on social media, like family photos or photos of the company picnic, can reveal lots of information that is otherwise unavailable to the outside world.

Unlike in other attacks, the targets here are not primarily computers but human beings.