
What are Social Engineering Attacks?

By October 10, 2008


A social engineering attack is one in which the intended victim is somehow tricked into doing the attacker's bidding. An example would be responding to a phishing email, following the link and entering your banking credentials on a fraudulent website. The stolen credentials are then used for everything from financial fraud to outright identity theft. An old adage comes to mind here: "it pays to be suspicious". With socially engineered attacks, the opposite is also true - if you aren't suspicious, you will likely end up paying.

In addition to phishing, social engineering attacks can come in many forms - email that masquerades as breaking news alerts, or greeting cards, or announcements of bogus lottery winnings. Pump and dump stock scams are also a form of social engineering, playing on the recipients' natural desire to take advantage of a good deal. It's important to remember that if something sounds too good to be true, it's probably a scam.

Social engineering attacks are also often used to trick users into infecting their own systems - for example, by disguising the malware as a video codec or Flash update. An email is sent enticing the recipient to view a bogus video clip; the victim visits the link contained in the email and installs the "codec/update", which turns out to be a backdoor Trojan or keystroke logger.

Remember: with social engineering scams, the attacker is relying on you to make the wrong choice. Choose not to be a victim.

Comments
October 11, 2008 at 8:21 am
(1) George Cozma says:

Social engineering attacks might indeed come most often in your inbox, but the most dangerous ones come from other mediums.

The telephone, your open wireless internet connection or your TV are much more dangerous since you inherently trust them.

Regards, George

October 16, 2008 at 1:35 am
(2) Ramanathan says:

Social Engineering attacks might indeed come most often in your inbox, but the most dangerous ones come from other mediums.

May 26, 2009 at 8:51 am
(3) S.Pradeep Kumar says:

Social Engineering will come under Ethical Hacking?

June 15, 2010 at 2:33 am
(4) Ashok says:

Social engineering attacks are the worst attacks, to me. Lots of attackers are sending emails saying that my bank account has a problem, so log in to the account by following the links. It takes you to a website which resembles the real bank. It should be stopped.

June 23, 2010 at 6:31 pm
(5) Peter says:

I had a codec one when I asked about a Miata on Craigslist. It referred to a site that had a video relating to the Miata. The site wanted me to download a codec. At the same time the car ad itself was a money order type scam. This ad had two scams going for it.

June 28, 2010 at 3:14 pm
(6) How to tweak says:

My inbox is full of these emails. I have already made two new emails just to get rid of these scam emails. Any idea on how to stop getting them?

December 9, 2010 at 2:28 pm
(7) Christmas Angel60 says:

How can you tell if your authenticator for WOW has been hacked? I don’t play…but my daughter does and I think her friend is using her authenticator when she isn’t playing?

December 9, 2010 at 5:03 pm
(8) Mary Landesman says:

The WoW authenticator is a physical device tied to a specific account. The account can’t be accessed without the device, so as long as you make sure the authenticator is in your possession (or your daughter’s), the friend could not use it.

July 29, 2011 at 9:38 am
(9) vicace says:

For people who are new to the online world: just wait for a friend, if not a bunch of them, to do a thing and then follow it after verifying that they are OK. Thereby you won't get abused by these so-called hackers.


©2014 About.com. All rights reserved.