Social engineering is considered to be a taboo subject in today's society. It involves the use of social skills to obtain usernames, passwords, or credit card data, or to compromise or alter the information and systems of an entity. Social engineering methods are numerous, and the people using them are extremely ingenious and adaptable. This technique takes advantage of the intrinsic nature of mankind to manipulate people and obtain sensitive information, persuading them to divulge it through exceptional communication skills. Thus, five models of persuasion were identified, based on simplicity, interest, incongruity, confidence and empathy, which exploit key factors that predispose people to fall victim to social engineering attacks, such as greed, self-interest, guilt or ignorance. It is a well-known fact that security is as strong as the weakest link in its chain (individuals); therefore, beyond technical measures, staff training is the key to success in defending against such attacks.

Keywords: Social Engineering, Persuasion, Trust, Risk, Sensitive Information, Online Security, Confidence, Manipulation, Attack, Staff Training

1 Social Engineering

The society of the 21st century has been defined as being based primarily on knowledge. Furthermore, it has been founded on the exchange of data between all fields of activity. Nowadays, the amount of information held is directly proportional to the power that an individual can have over others; therefore, a very important aspect is not only acquiring information but also protecting it from potential attacks. The emergence of numerous systems and protection mechanisms seemed to have solved the security problems. However, it has been discovered that the crucial element has remained the individual and not the machine, and that installing the latest applications does not guarantee complete protection of a system: it is not necessary to force a system in order to infiltrate it, since it is easier to get the information needed using persuasion or goodwill.
Social engineering is a set of methods by which an individual or group of individuals is manipulated to provide access to certain information or to adopt a certain behaviour.

2 Social Engineering from a Non-Technological Point of View

Social engineering represents a set of methods through which an individual or a group of individuals is manipulated into providing access to certain information or used to induce certain behaviour. [1]

To get around the technical security measures set up to prevent them from breaking into systems, attackers have developed various procedures to bypass the software or hardware elements used. Social engineering is based on using psychological stratagems on a system's users, thereby obtaining important data, such as usernames, passwords, security codes, access codes, credit card numbers and additional information, for immediate or later benefit. [2]

Under the conditions listed above, and given that, despite the automation of machines and networks, there is today not a single computerized system that does not depend on the human factor, social engineering is a hot topic in modern society. There will always be people responsible for providing information and for maintaining the systems. However, social engineering has existed since the beginning of time, owing to people's predilection to be polite, to help each other and to trust each other. It is in human nature [3]. This technique takes advantage of the intrinsic nature of mankind to manipulate others and obtain sensitive information. In fact, most people who disclose data are aware of doing so, but they often believe that the information provided is not essential. The goal of social engineers, however, is to join together pieces of information gathered from various sources.

From the non-technological point of view, social engineering overlaps to some extent with policy, above all as a social science.
Its development made possible the gathering and analysis of information about social attitudes and trends, as it is necessary to establish the initial state of a society and to predict the effects of decisions that might be taken. …