Lesson 3: Social Engineering
Social Engineering:
A vital topic in cybersecurity is social engineering: the exploitation of human error to manipulate people into compromising security. It is relevant in cybersecurity because it can be used to trick people into revealing information that can then be used to compromise computer systems. Social engineers rely on a set of principles to exploit their targets:
Principles of Social Engineering:
The Principles of Social Engineering are the specific methods that social engineers and cyber attackers use to get information out of people. They are:
- Authority: impersonating a figure of authority
- Intimidation: intimidating or threatening victims
- Persuading: convincing victims that other people are doing something, so they should too
- Scarcity: asserting that there is a limited amount of something
- Urgency: asserting that there is limited time to do something
- Familiarity/Liking: gaining the favor of victims to build trust
- Trust: exploiting victims' trust
Video Resource: https://www.youtube.com/embed/v7VTJhkJUUY?t=120s (Video Credit: MalwareFox on YouTube)
These principles aim to exploit certain human traits and emotions. For example, authority and intimidation cause people to make decisions out of fear. Others, such as familiarity/liking, cause people to willingly give up information without thinking twice.