
Social Engineering

Social engineering is a fancy name for manipulating a person into giving you access to which you are not normally entitled. This almost always involves lying about your identity or your intent. Here is a transcript of a classic social engineering trick used to convince a user to divulge his password:

[user] Hello?
[hacker] Hi, this is Bob from IT Security. We’ve had a security breach on the system and we need every user to verify their username and password.
[user] What do I need to do?
[hacker] Let’s walk through a login, just to make sure everything is fine.
[user] OK
[hacker] OK, go ahead and log in. What username are you coming in as?
[user] My username is “smith”.
[hacker] Excellent. What password are you using?
[user] I am using the password “drowssap”.
[hacker] Do you have a system prompt yet?
[user] Yes, I’m in.
[hacker] OK, there you are. I see you now. Everything is fine. We appreciate your cooperation.
[user] OK, goodnight.
[hacker] Thanks again, goodbye.


Respond to “Social Engineering”
  1. Nico Lawsons says:

    I didn’t know there were still people believing this stuff. I’m glad the big websites like Twitter etc. do prevent this by informing users about phishing ;)
