Social engineering, in the context of computer security, refers to tricking people into divulging personal information or other confidential data. It is an umbrella term that includes phishing, pharming, and other types of manipulation. While "social engineering" may sound innocuous (since it is similar to social networking), it refers specifically to malicious acts and is a topic all Internet users should understand.
Unlike hacking, social engineering relies more on trickery and psychological manipulation than technical knowledge. For example, a malicious user may send you a "phishing" email that says you need to reset your username and password for a specific website. The email may appear to be legitimate, but if you click the link in the message, it may direct you to a fake website that captures your information.
Another common type of social engineering uses false alerts on websites. For example, when you open a webpage, you might receive a message saying your computer has a virus and you need to download a specific program or call a phone number to fix it. In most cases, these alerts are auto-generated and are completely false. If you follow the instructions in the alert message, you may end up downloading spyware or giving away personal information over the phone.
Social engineering may also take place through social media. For example, malicious users may post public messages on sites like Facebook and Twitter that lure people into sharing personal information. Common example include false giveaways and prize alerts. In some cases, social engineers will even build relationships with others using online chat or private messaging before convincing them to divulge confidential data.
While most Internet users do not harbor malicious intent, social engineering is an unfortunate reality of the Internet. Therefore, it is wise to be skeptical of any message, email, or website that asks you to share personal data — especially if the request is from an unknown source. You can often verify the legitimacy of a message by checking the domain name of the website or contacting the author of the message. If you cannot verify the origin of a request, do not follow the instructions. By recognizing fake messages on the Internet, you can avoid being a victim of social engineering.
Updated: August 20, 2016