The True Meaning Of Social Engineering.
I've been SEing for over 30 years and to this day, I'm at a loss as to how major security firms fail to understand precisely what's involved in the art of human hacking. For instance, Webroot, which has been around since the late 90s, says: "Social engineering is the art of manipulating people so they give up confidential information". Really? Is that all there is to it? Moreover, Kaspersky explains it in a similar fashion, with the addition of: "To lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems". Do they honestly believe that social engineering relates solely to this? Enough said. Allow me to explain it to you in my very own words as follows.
My definition of its true meaning is: "Social engineering is manipulating the person or entity on the other end into doing something they're not supposed to do". When you think about it, it's really as simple as that. Whether it be obtaining confidential information by deceiving the store manager into giving up an employee's date of birth, refunding a cell phone from Amazon by manipulating the representative and claiming that you didn't receive it, or simply pretending to be a cleaner by getting an employee to hold the security entry door open for you, thereby gaining unauthorized access to a restricted building - they're all related to one thing, "social engineering". That is, "manipulating" the person on the other end to achieve your objective.
As you can see with all the above, each has a different outcome - one is information gathering, another is obtaining a free cell phone and the last one is entering a secure building. However, irrespective of their intentions, a single commodity was used to solidify the end result - and that was "social engineering". You see, the "result" of your attack is of no relevance. It's the "method" used to achieve the result that's classed as social engineering. And the "method" is the "manipulation". It doesn't matter "what your goal is", but what does matter is "how you achieve it". And it's this that gives social engineering its name! I wish that some day the security firms mentioned in the opening paragraph will get its definition right.