I read in here certain opinions about social engineering so i decided to write an article about it.
First of all, I want to clarify that social engineering is only PARTLY related to computers. Social engineering has existed since the beggining of humanity.
In my opinion social engineering is the art of conquering a target without even attacking the target. In order to succeed in a social engineering situation you MUST be subtle. Your only weapon is the weakness of human nature. The information you need to find or the goal you need to reach will be achieved only if you exploit human nature to the fullest. To my thinking the weaknesses of our nature are:
Before beginning an operation observe the victim, find its weaknesses, and then use them. If there are no visible weaknesses in your victim then INSTILL them in it.
Let me give you an example:
Let' s assume that you want to hack an account on a website but the security level of the website is too high.
Approach your victim, observe it, learn its weaknesses and even create them. Supposedly, your victim has no weaknesses. What you should do is create one, HATRED for example. Create a new account and infuriate the subject, make it hate you. With your other account befriend the victim. Eventually, you will become its best friend and simultaneously the victim' s worst enemy. Then offer a resolution. Mention that you can hack accounts, tell the victim you can help it get rid off its enemy(your other account) and then ask its password for technical reasons in order to help it. You achieved your goal, which was to gain control over the victim' s account.
This is a very simple example, but the basis of each social engineering operation ,whether it is the gain of an website account or the impersonation of someone for malicious purposes, is the same