Social Engineering Principles

Now, if you look up social engineering on Wikipedia, it says social engineering in the context of information security, which is what we're interested in, refers to psychological manipulation of people into performing actions or divulging confidential information. I'm not saying that's inaccurate, but to me social engineering simply means people tricking people one way or another. Now, social engineering always surprises me because, you know, we're smart people, we've been around the block a little bit. So how does it happen that, time after time, smart people figure out how to get passwords, access information, key codes, all kinds of stuff like that, out of otherwise smart people? Well, it boils down to what we call the social engineering principles. These are the aspects of human nature that make social engineering effective.

So I want to run through all these, and let's start with authority. Authority: to impersonate or imply a position of authority. "I'm calling from the CEO's office." Intimidation: to frighten by threat. "Do I need to talk to your supervisor?" Consensus: to convince by general group agreement. "Bob does that for me all the time." Scarcity: to describe a lack of something. "These aren't available anywhere else." Familiarity: to imply a closer relationship. "Didn't we meet at the holiday party?" Trust: to assure reliance on their honesty and integrity. "Anyone here in the IT department can handle that task." Urgency: to call for immediate action. "But the web server's about to go down."

Now, for the exam, take the time to memorize these different social engineering principles. You're going to be seeing lots of questions that discuss these, so make sure you're comfortable with them and what they imply.

