ABSTRACT
Most security solutions directed at protecting data contained within the confines of an organization’s network are generally software centric. A good social engineer understands that people will, in general, consistently react to certain situations. This is based on a series of assumptions about human psychology. The rules are essentially as follows: Recognition of and respect for authority, Politeness, professional customs, and courtesy and Conformity in the workforce. If a social engineering cyber criminal poses as someone in authority and is believed to be legitimate, people are far more likely to obey directions and assist the cyber criminal. There are many different methods employed by social engineering criminals to illegally gather information. Shoulder surfing occurs when a cyber criminal stands in such a manner as to view otherwise inaccessible information being displayed on a computer being used by an authorized user.
