Social engineering attacks take advantage of people's helpfulness, credulity or lack of self-confidence in order to gain access to confidential data or to prompt them to perform certain actions. Of all the forms of attack, this is still one of the most successful. An attacker can use social engineering, for example, to gain access to the user names and passwords of company staff by pretending to be a system administrator or manager on the phone. By claiming acute computer problems and showing knowledge of the business (e.g. supervisor's name, workflows, etc.), the attacker unnerves the victim until he/she discloses the desired information.
Social engineering methods are often used to spread viruses and Trojan horses, e.g. when the name of an e-mail attachment carrying a virus promises particularly interesting content (e.g. « I love you », « Anna Kournikova », etc.). Phishing is also a special form of social engineering attack.
Effects and risks
- Disclosure of confidential information
- Fraud
- Spreading of viruses and Trojan horses