What is social engineering?
Social engineering, in the context of computer security, refers to getting people to reveal personal information or other confidential data. It's an umbrella term that includes phishing, pharming, and other types of manipulation. While 'social engineering' may sound innocuous (as it is similar to social networking), it relates specifically to malicious activity and is a topic that all internet users should understand.
In contrast to hacking, social engineering relies more on tricks and psychological manipulation than on technical knowledge. For example, a malicious user could send you a 'phishing' email asking you to reset your username and password for a particular website. The email appears to be legitimate. However, if you click the link in the message, you may be directed to a fake website that is collecting your information.
Another common type of social engineering uses false warnings on websites. For example, when you open a web page, you might get a message that your computer has a virus and that you need to download a specific program or call a phone number to fix the problem. In most cases, these warnings are generated automatically and are completely false. If you follow the instructions in the warning message consequences, you can in the end Spyware download or share personal information over the phone.
Social engineering can also be done through social media. For example, malicious users can post public messages on sites like Facebook and Twitter that trick people into sharing personal information. Fake giveaways and price alerts are typical examples. In some cases, social engineers even build relationships with others using online chat or private messaging before tricking them into disclosing sensitive information.
While most internet users harbor no malicious intent, social engineering is an unfortunate reality of the internet. As such, it is wise to be skeptical of any messages, emails, or websites asking you to share personal information - especially if the request is from an unknown source. You can often check the legitimacy of a message by checking the website's domain name or by contacting the author of the message. If you can't verify the origin of a request, don't follow the instructions. Detecting fake news on the internet can help you avoid falling victim to social engineering.