Social Engineering. No, it’s not a new major offered at M.I.T. It’s not an Idaho “bunker-buddy” term describing the New World Order or the Illuminati’s plan for world domination. And it wasn’t a boating accident. It was a shark.

Where did that come from? Just seeing if you’re awake.

Social engineering is a set of tactics and psychological tricks that prey on people that are, well, just being people. It’s using our humanity against us. Social engineering takes advantage of human traits like greed, curiosity, lust, and ego to get us to do things we might otherwise not do.

Advertising agencies learned this long ago. A certain beer makes you more attractive to the opposite sex. Call now for a FREE brochure to learn to make MILLIONS from the comfort of your own home! You can’t be happy or satisfied unless you have this car, that house, those clothes. In its early days it was called “keeping up with the Joneses”, which were our neighbors next door. Today, our “next door” has opened onto the internet, and along with all the good (and there is good), we have the ability to get to the worst of what human beings can be.

Here’s an example of social engineering at work. A hacker writes a worm designed to erase the contents of a computer’s hard drive. He (alright, it could be a “she”) wants to affect as many people as possible. He can’t, however, do it all alone. He needs help. He needs you.

So, he embeds the worm in a file he thinks you can’t resist opening, and attaches it to an email message. A photo of a scantily (or un) clad movie star or starlet. A digital video file of a blockbuster movie that’s still in theaters. Free software. As a side note, people have actually picked up viruses by downloading and attempting to install a file that claimed to be the entire Microsoft Office suite. A second glance showed the file to be only 140 kilobytes (not megabytes) in size.

Back to our “social-engineering-savvy” hacker. Next, he’s banking on the fact that you can’t resist sharing your little secret with others. He knows you’ll forward your treasure to others, spreading the worm as you go.

Unfortunately, there’s no way for computer security companies to keep up, as long as we ourselves are willing conspirators. After all, you can’t create a software patch for human nature.

© 2006 Peter F. Zimowski