Social Engineering is the practice of psychological and behavioral manipulation in order to gain unauthorized access.
What is social engineering?
Social engineering is an attack strategy that focuses on human behavior and vulnerabilities. This type of psychological attack aims to gain unauthorized access to information. Strategic pretexts can be developed to access digital or physical environments.
A social engineering attack may be used to gain access to a facility by tricking a worker into assisting by holding the door when making a delivery, gaining access into a network by tricking a user into revealing their account credentials to the false technical support staff or gaining copies of data files by encouraging a worker to cut-and-paste confidential materials into an e-mail or social networking post.
- Phishing/Spear phishing
- Open Source Intelligence (OSINT)
- Pretext Development
- Security policy and practices
BYU Social Engineering Team
In 2020, the BYU Social Engineering Team had the opportunity to participate remotely in the Temple University Social Engineering CTF Competition @CollegiateSECTF. The team was able to participate in workshops taught by the panel of judges. They also tested their social engineering skills in the OSINT, phishing, and vishing challenges. Check out more information about the 2020 team here!
There are currently no courses that specifically cover social engineering. The principles and defenses are integrated into many of the core cybersecurity courses.