Social Engineering Social engineering is the art of manipulating people so that they give up confidential information. People are often the weakest point in security systems, social engineering focuses on people rather than on technology, as the weak point in any security system. There are many different ways to manipulate people to surrender their confidential information or data. There are many threats to network security. Most target the computers and communications software, but many target far weaker links: the people who use them. A study shows that human error was the main root cause of all security breaches to networks. The biggest problems were failure to follow general policies and procedures, general carelessness, and a lack of knowledge of threats. Some of the methods used to breach network security need no knowledge of programming or computers. These are low-tech con-tricks, referred to as social engineering, aimed at manipulating vulnerable people into disclosing their personal information. Blagging is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. Examples are the Nigerian Prince scam and more recently the emails from friends who have been mugged (in a foreign country) and need you to send money. Phishing is a technique of fraudulently obtaining private information, often using email or SMS. It might look like it comes from a bank or other legitimate business. The criminal hopes that the user will follow give away some important information eg by following a link to a false website and logging in with their ID. Pharming is a cyber attack intended to redirect a website's traffic to another, fake site. This can be done by hacking a DNS server or redirecting your computer electronically. Shouldering is a simpler way of obtaining people's Passwords or Pin Numbers. Criminals just stand behind and watch what you type.