A non-technical method of intrusion which hackers use that relies heavily on human interaction (mainly email, websites or direct phone calls) and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.
The threat of technology-based security attacks is well understood, and IT organizations have tools and processes in place to manage this risk to sensitive corporate data. However, social engineering attacks are more challenging to manage since they depend on human behavior and involve taking advantage of vulnerable employees. Businesses today must utilize a combination of technology solutions and user awareness to help protect corporate information.
Financial gains are the primary motivation of social engineering. Social engineering attacks are costly, especially in large organizations. New employees are most susceptible to social engineering techniques.
Hope this helps.
Basically, social engineering is one of the phases of hacking / ethical hacking (penetration testing), in which the penetration tester or hacker grabs the attention of end users through various methods such as phishing, fake user registration forms and much more. The ultimate objective is to gain valuable information from the end user easily. For instance, a hacker clones the Facebook website and sends it to the end user with some redirection of the submit button. Although it comes under another name, it has usually been observed and tested that we don't look at and examine the URL of the website once we click to open a hyperlink. The end user then enters their username and password and clicks the submit button; once it is clicked, the web page sends the information to the hacker's defined point, which could be an email address, a database or any other source, and as a result the person's identification and other valuable information are compromised.
In its simplest form, social engineering is a method to manipulate the end user and to test the behavior of the end user to extract valuable information.
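A defender-side check for the cloned-login-page scenario in the answer above, as an added example that is not part of the original post: it flags a page whose host is not under the expected domain and any password form whose submit target leaves that domain. The function names, `example.com` and the `.test` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormScanner(HTMLParser):
    """Record each form's action and whether it holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = [a.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open and (a.get("type") or "").lower() == "password":
            self._open[1] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def host_matches(host, trusted):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def check_login_page(page_url, html, trusted):
    """Return findings for a page that claims to be a login page of `trusted`."""
    findings = []
    page_host = urlsplit(page_url).hostname
    if not host_matches(page_host, trusted):
        findings.append(f"page host {page_host} is not under {trusted}")
    scanner = FormScanner()
    scanner.feed(html)
    for action, has_password in scanner.forms:
        if not has_password:
            continue
        target = urlsplit(urljoin(page_url, action))  # empty action posts back to the page
        if target.scheme != "https":
            findings.append(f"credentials submitted over {target.scheme}")
        if not host_matches(target.hostname, trusted):
            findings.append(f"form posts credentials to {target.hostname}")
    return findings

# Constructed samples: example.com stands in for the real site; .test hosts are made up.
GENUINE = ("https://www.example.com/login",
           '<form action="/session"><input name="u"><input type="password" name="p"></form>')
CLONE = ("https://example.com.account-check.test/login",
         '<form action="https://collector.test/save"><input type="password" name="p"></form>')

if __name__ == "__main__":
    for url, html in (GENUINE, CLONE):
        print(url, "->", check_login_page(url, html, "example.com") or "no findings")
```

The clone's host begins with `example.com`, which is why the check compares the end of the hostname instead of searching for the brand name anywhere in the URL.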
An intrusion method in which the hacker steals the valuable data by exploiting vulnerabilities of human behavior.