Question

Would this incident be an example of social engineering? You receive a phone call from the technical support department of a software maker alerting you to a bug in the company’s software, which you have purchased. The tech offers to walk you through the steps required to fix the software on your computer.

1. Social engineering2. Not social engineering

Answer 1

The correct answer is 1. Social engineering

Step-by-step explanation:

In computer security, social engineering refers to a technique where someone with a malicious intent tricks or manipulates people else to give up confidential information or perform an action that goes against their best interest.

In our case, this can be seen as a very clear case of social engineering. This is because the situation is extremely suspicious: it's extremely rare, for a software company to call a specific customers to alert them of bugs and offer assistance in order to "fix" said bug. The "tech" expert could mislead an unsuspecting user into revealing some confidential information or installing backdoor software disguised as part of the bug fixing process. This situation is not unlike pop-up ads that appear on some websites, alerting the user that a virus or a security flaw has been detected, and prompting the user to click a dodgy link that actually leads to a malicious website or downloads some equally malicious software.