DDoSPedia is a glossary that focuses on network and application security terms with many distributed definitions. It provides a central place for hard-to-find, web-scattered definitions on this topic.
Social Engineering (within the context of computer security) is the act of using psychological manipulation to gain access to sensitive information, computers, or computer networks. Many famous computer hackers (both white hat and black hat) have used social engineering in combination with computer-related methods to gain information. Reformed cyber criminal Kevin Mitnick admitted that it’s much easier to trick a person into giving up sensitive passwords or information than it is to obtain the same material solely through the use of computers.
One example of a social engineering technique is “pretexting”, or engaging the target in a specific manner, with some form of background information that makes it more likely that he or she will divulge sensitive information. Pretexting often involves extensive research, as the social engineer will need to prepare answers to identifying questions that he or she may be asked during the process of obtaining information. This newly obtained information can often be used in further pretexting attempts, especially in scenarios where the social engineer wishes to gain even greater access to his or her target.