Social Engineering, the act of tricking people into divulging confidential information such as passwords or credit card numbers, is prevalent on the Internet.
The most common form of Social Engineering seen today is called Phishing.
Ever receive an e-mail from your bank warning you that your account was overdrawn and that you needed to click on a link to remedy the situation? Or how about a notice from your system administrator that there was a problem with your ONID account that could be resolved if you would please supply your username and password in a response to the e-mail?
Internet con artists are using these various methods to trick you into providing the information needed to steal from you. Phishing isn’t limited to e-mail; there are fake websites out there as well, often designed to take advantage of a misspelling of a common address.
And as technology advances, so does Phishing. We’re now seeing “spear phishing,” a highly targeted attack aimed at the employees of an organization—or the students of a school—and “whaling” which is a targeted phishing attempt aimed at executives of an organization.
Social Engineering doesn’t necessarily require you to be connected to the Internet or to even be using a computer. It is easy enough for someone to call you on the phone pretending to be someone else (such as a computer support person at the university or an employee of your bank) and ask you to provide information. By doing a little research on an organization via their website, an Internet con artist can be quite convincing in pretending to be someone else.