Social engineering, in the context of information security, refers to psychologi
cal manipulation of people into performing actions or divulging confidential inf ormation. A type of confidence trick for the purpose of information gathering, f raud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The term "social engineering" as an act of psychological manipulation is also as sociated with the social sciences, but its usage has caught on among computer an d information security professionals. Techniques and terms All social engineering techniques are based on specific attributes of human deci sion-making known as cognitive biases.[2] These biases, sometimes called "bugs i n the human hardware", are exploited in various combinations to create attack te chniques, some of which are listed. The attacks used in social engineering can b e used to steal employees' confidential information. The most common type of soc ial engineering happens over the phone. Other examples of social engineering att acks are criminals posing as exterminators, fire marshals and technicians to go unnoticed as they steal company secrets. One example of social engineering is an individual who walks into a building and posts an official-looking announcement to the company bulletin that says the nu mber for the help desk has changed. So, when employees call for help the individ ual asks them for their passwords and IDs thereby gaining the ability to access the company's private information. Another example of social engineering would b e that the hacker contacts the target on a social networking site and starts a c onversation with the target. Slowly and gradually, the hacker gains trust of the target and then uses it to get access to sensitive information like password or bank account details Pretexting Pretexting (adj. pretextual), also known in the UK as blagging or bohoing, is th e act of creating and using an invented scenario (the pretext) to engage a targe ted victim in a manner that increases the chance the victim will divulge informa tion or perform actions that would be unlikely in ordinary circumstances.[4] An elaborate lie, it most often involves some prior research or setup and the use o f this information for impersonation (e.g., date of birth, Social Security numbe r, last bill amount) to establish legitimacy in the mind of the target.[5] This technique can be used to fool a business into disclosing customer informati on as well as by private investigators to obtain telephone records, utility reco rds, banking records and other information directly from company service represe ntatives.[6] The information can then be used to establish even greater legitima cy under tougher questioning with a manager, e.g., to make account changes, get specific balances, etc. Pretexting can also be used to impersonate co-workers, police, bank, tax authori ties, clergy, insurance investigators or any other individual who could have perce ived authority or right-to-know in the mind of the targeted victim. The pretexte r must simply prepare answers to questions that might be asked by the victim. In some cases, all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one's feet to create a pretextual scenario.