In computer security, many issues occur despite the users best efforts.
But being hit like this isnt the users fault.
Other attacks though focus on tricking the user into doing something.
These types of attacks come under the broad banner of social engineering attacks.
Social engineering involves using analysis and understanding of how people handle certain situations to manipulate an outcome.
Social engineering can be performed against large groups of people.
An example of social engineering against a group of people could be attempts to cause panic as a distraction.
At some level, simple propaganda, gambling, and advertising are also social engineering techniques.
In computer security though, the actions tend to be more individual.
Phishing tries to convince users to click and link and enter details.
Many scams take a stab at manipulate based on fear or greed.
First, they must convince the victim that the message is legitimate and get them to hit the link.
This then loads the phishing page, where the user will then be asked to enter details.
Usually, this will be their username and password.
Many scams give a shot to social engineer their victims into handing over money.
The classic Nigerian prince scam promises a large pay-out if the victim can front a small advance fee.
Of course, once the victim pays the fee no pay-out is ever received.
Other types of scam attacks work on similar principles.
Convince the victim to do something, typically hand over money or install malware.
Ransomware even is an example of this.
The victim needs to hand over money or risks losing access to whatever data was encrypted.
There are plenty of example scenarios.
One of the most basic is called tail-gating.
This is hovering close enough behind someone that they hold open an access-controlled door to let you through.
Tail-gating can be enhanced by setting up a scenario in which the victim might help you.
Another method is to be seen to be carrying something awkward.
This technique is even more likely to succeed if what youre carrying could be for others.
Much of in-person social engineering relies on setting up a scenario and then being confident within it.
Conclusion
Social engineering is the concept of manipulating people to achieve a targeted aim.
One way involves creating a real-looking situation to trick the victim into believing it.
