# Social engineering "Social engineering" is using information about the person to get them to trust them. This can often include exploiting someone's willingness to help or get help: - "Phishing" involves sending fake information (usually an email) that looks legitimate. "Spear phishing" is a highly sophisticated version of it that targets one person, usually with plenty of personal information. - "Pretexting" uses subtle appeals to reliable sources to gain that person's trust ("I'm from the FBI..."). - "SEO poisoning" uses illegitimate techniques to rank higher on search engines ("search engine optimization") to get people to go to their website. - "Something for something" is giving something (usually free) to someone in exchange for their information. Social engineer hackers are often *very* patient. They'll spy on someone for weeks and months to check for the following: 1. Something of [value](purpose.md) they can theoretically attain. 2. [Routine behavior](habits.md) that they can exploit. "Ransomware" is software designed to block off information until someone pays money. By transferring the money through [cryptocurrency](computers-blockchain.md), it can be difficult to trace the transaction. "Malvertising" is advertising designed to look like another legitimate product, but is actually [malware](computers-cysec-malware.md). ## Identity Theft Typically, in a modernized society, hackers only need *very* few pieces of information to [authenticate](computers-cysec-authentication.md) themselves as someone else: - Someone's full name, date of birth, and social security number are enough to fraudulently get a new [credit card](money-2_debt.md), [get insurance](insurance.md), secure a loan, and many other activities. - A few pieces of information from social media can guess someone's [password](encryption.md) security questions. "Sim swapping" is when a hacker can acquire a phone number's [two-factor authentication](computers-cysec-authentication.md) by authorizing a cell carrier with fraudulent information to migrate that phone number to another phone.