ABSTRACT

Social engineering, in the context of information security, refers to the psychological manipulation of people into performing actions or divulging confidential information. The goal of social engineering techniques is to gain unauthorized access to systems or information in order to commit acts such as fraud, network intrusion, industrial espionage, or identity theft. The groups or individuals who are or may be "social engineers" include, but are not limited to, hackers, penetration testers, spies, identity thieves, disgruntled employees, and scammers. Social engineers use different techniques to acquire sensitive information from the legitimate users of a system, and they often use the following techniques to collect the information needed for their attacks: physical location, phone, trashing, mail theft, and social networking. The chapter reviews a few fundamental frameworks explaining the principles of human behavior that social engineers successfully use to acquire users' credentials.