Posted: Sun May 22, 2005 12:58 pm Post subject: Social engineering
Can we define key logging and phishing attacks as social engineering methods? I need to make a categorization of attacks in an article and I am thinking to put phishing and key logging under social engineering. Is this a right approach?
Key logging certainly is not social engineering. The simplest way to define social engineering is, do you need a human at the other end of the attack for the attack to occur. The method of getting the key logger on the machine may be accomplished by social engineering it also may be accomplished by physical breakin or remote exploitation, the act of logging the keys is not social engineering in itself. The classification of key logging would fall under surveillance possiblly, depends what classifications you are using and for what purpose.
Posted: Fri Jul 22, 2005 2:42 pm Post subject: SE is .....
Social Engineering: Social Engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.
- Kevin Mitnick
He has spent the most time behind bars thinking of a definition for his actions than anyone i know!
Joined: 25 Jun 2006 Posts: 0 Location: Czech Republic
Posted: Fri Jul 28, 2006 7:27 pm Post subject: Re: Social engineering
I think same as prevouse poster.
Key logging is not social engieering. SE can be example way to install key logger to computer (unkow cd on your table, great name of keylogger installer, it looks as porn...)
But phishing is social engineering method, it is about psychology... but Sociel Hackers are usually want only one special target. Phishing is SE, but is not importnat who will phished, many are from all
Posted: Sat Oct 28, 2006 4:06 pm Post subject: Re: Social engineering
I would have to agree, the actual act of logging key-strokes is not SE, but the method which is used to install the logger (be it hardware or software) could be SE if some sort of trickery was used to convince the user to install the software, or find a way into the building and access to the computer to install a physical logger.
I would also say that phishing attacks are not pure SE, as there need not be any actual contact with the user (i.e. fake websites).
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum