Social Engineering is the acquisition of sensitive information or inappropriate access privileges by an
outsider, based upon the building of inappropriate trust relationships with insiders. Attackers use this
approach to attempt to gain confidential information, such as organizational charts, phone numbers,
operational procedures, or passwords in order to evaluate the organization’s vulnerability to social
engineering attacks.
Social Engineering is the term for cracking techniques that rely on weaknesses in wetware rather
than software; the aim is to trick people into revealing passwords or other information that compromises
a target system’s security. Classic scams include phoning up an employee who has the required
information and posing as a field service technician or a fellow employee with an urgent access
problem. Posing as a salesperson or manager is also frequently used.
Social engineering can be defined as misrepresentation of oneself in a verbal manner to another person
in order to obtain knowledge that is otherwise unattainable.
Social engineering, from a narrow point of view, consists mainly of phone scams that pit your
knowledge and wits against another person’s. This technique is used for many purposes, such as gaining
passwords, keycards, and basic information about a system or organization.
Generally this is done in conjunction with other reviews, and is designed to ensure that an
organization’s employees have an adequate awareness of security and the related issues.
Use the following methods to check the awareness levels within your organization:

  • Phone
  • Mail
  • Internet
  • Live visits

There is only one effective means of reducing social engineering vulnerabilities—awareness
training. Social engineering testing can be an effective means of measuring compliance to and the
effectiveness of this training.