social engineering definition by Webster's New World
- social engineer noun
social engineering definition by American Heritage Dictionary
- social engineer noun
social engineering - Computer Definition
The use of deceptive or fraudulent means that rely on expected human behavior, often used to gain access to information such as a computer access number, password, or user ID. See also pharming, phishing, and pretexting.
A deceptive process in which crackers “engineer” or design a social situation to trick others into allowing them access to an otherwise closed network, or into believing a reality that does not exist. To crack computer systems, crackers often employ their well-honed social engineering skills. A robust sample of social-engineering case studies can be found in Kevin Mitnick’s book The Art of Deception.
Social engineering can also be used in non-cyber-related crimes. A 2005 case involved a 39-year-old U.S. woman by the name of Anna Ayala, who filed a complaint with police in March saying that a human finger was in the chili bowl she purchased from a San Jose Wendy’s fast-food outlet. The police, believing that the complaint was a hoax after they investigated the claim, eventually discovered that the finger belonged to a man who had lost it in an industrial accident in December 2004. He gave his finger to Anna’s husband, who gave it to Anna. Anna apparently “social engineered” a fake reality and was convicted of filing a false claim and of grand theft and sentenced to nine years in prison. The Wendy’s company offered a $100,000 reward for information regarding the claim, for it said that the crime cost it millions of dollars in sales. Apparently, the company had to lay off dozens of employees at the San Jose worksite because business there was harmed.
Associated Press. Police Identify Source of Finger Found in Chili. The Globe and Mail, May 14, 2005, p. A2; Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.
Using deception to obtain confidential information from someone by phone or in person. For example, the "social engineer" may persuade someone to reveal an ID or password for a supposedly benign purpose ("my computer is down, can I use yours in the meantime?"). Sometimes, a combination of social engineering and hacker skills is used to steal information. However, no matter how secure a network may be, the "con" played by the social engineer is often the most effective way to break in. Outside the computer world, social engineering means to influence attitudes and behaviors. See pretexting and shoulder surfing.