Abstract

Social engineering is “any act that influences a person to take an action that may or may not be in their best interest” (social-engineer.org 2017). “Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information” (wikipedia.org 2017). These deception techniques have been used throughout human history. They were used for financial gain, access to power, and spying on enemies and especially as war techniques for victory on the battleground. From olden times, there is the tale of Greeks using a Trojan horse to enter the city of Troy ( Encyclopedia Britannica 2017) and win the war. Also, we can refer back to Victor Lustig, the man who sold the Eiffel Tower in 1925 (wikipedia.org 2017). Certainly, all of history is full of examples of a human deceiving his/her fellow human. The most memorable films are where viewers find there to be a question of whether the character using deception is good or bad; there are certain moral claims that can serve to justify these otherwise illegal or illicit actions. One might remember the movie The Sting, directed by George Roy Hill (1973) telling the story of a young con man, in September 1936, seeking revenge for his murdered partner, who teams up with a master of the big con to win a fortune from a criminal banker or a more recent movie based on the true story of Frank Abagnale. He was one of the most famous impostors claiming to have assumed multiple identities. Catch Me If You Can, directed by Steven Spielberg (2002), tells the story of how Frank successfully conned millions of dollars’ worth of checks as a Pan Am pilot, a doctor, and a legal prosecutor. Social engineering, and deception techniques now possible with the digital age, have started new lives. There is now the story of Kevin Mitnick (Mitnick and Simon 2002), who used his sophisticated skills to worm his way into many telephone and cell phone networks and vandalize government, corporate, and university computer systems. Arrested in 1995 (BBC 2002), after five years in prison for various computer and communications-related crimes, he wrote about his experience and illustrated the massive scale of social engineering and the effect on the computer security system as a whole.