Please help me some 1 has hacked me

[centip3de]

If you're exploiting the user through a bogus form/login/site etc... that's not considered social. So no, phishing isn't in my eyes a type of social engineering. Quite the opposite, you make an app that tricks people into giving up info so you basically just sit and wait until someone fills the shit out.

+1 for the clarification Cent.

This. However, shaqywacky was not entirely wrong, as these attacks can easily coincide (convincing someone to go log into -insert social media here- through the link you supplied, linking to your uberHaxing site).

[shaqywacky]

If you're exploiting the user through a bogus form/login/site etc... that's not considered social.

How is this not social? What category would you place phishing under then?

In a normal SE situation, someone acts as an authority figure to get information from a user. In phishing a web page acts as an authority figure(IE the real website) to get the information from the user. I don't see how these are different.

Also:
http://en.wikipedia.org/wiki/Phishing

Phishing is an example of social engineering techniques used to deceive users

http://en.wikipedia.org/wiki/Social_eng ... ecurity%29

Social engineering - Techniques and Terms
...
Phishing

Note: One of the worst parts about written communication is you can't hear my tone. So to be clear, I mean this in a completely friendly manner.

[WallShadow]

http://en.wikipedia.org/wiki/Phishing

Phishing is an example of social engineering techniques used to deceive users

http://en.wikipedia.org/wiki/Social_eng ... ecurity%29

Social engineering - Techniques and Terms
...
Phishing

Endless Loop: noun; see Loop, Endless.
Loop, Endless: noun; see Endless Loop.


Which came first; the chicken, or the chicken?

[shaqywacky]

@Wallshadow What?

I don't mean to be rude but do you know how definitions work?

What those wikis said:
A type of SE is phishing. Thus phishing is in the set of SE techniques.
Phishing is a type of SE. Thus phishing is in the set of SE techniques.

There is no loop there. The phrases are just reversed(IE identical).

Let me give you an example:

Cows are animals.
Some animals are cows.

Clearly there is no loop there, both statements are saying the exact same thing.

[WallShadow]

Then I apologize, I miss read what you wrote. My fault.

-WallShadow <3

[mShred]

There's no reason to get butthurt.. But IMO, phishing can be considered both, probably depending on the situation. Phishing in itself is obviously a technical attack, for it uses technical shit as in setting up a site. But how you get them to visit the site is where the debatable issue comes into play. If you socially trick them into going to that site, then obviously phishing would be affiliated with SE. If you are using some way of routing their traffic to your site, then I don't see how SE comes into play. You can say that the fact that the site is fraud is a form of SE because it involves faking, but in reality it isn't being socially fake. The whole phishing attack would be devised and carried out through technical means, without having to make social interaction with that target. Without social interaction, there is a lack of possible social engineering.

[shaqywacky]

There's no reason to get butthurt..

Note: One of the worst parts about written communication is you can't hear my tone. So to be clear, I mean this in a completely friendly manner.

I don't understand what it is about you and someone disagreeing with you. Someone disagrees with you, they must be butt hurt.

Forums are meant for discussion. So unfortunately there will be people that might disagree with you. The point of the forum is to discuss it. So when someone replies, they very likely may just be discussing some topic not just getting angry. I honestly don't care whether people here agree with me or not. I'd rather they didn't. A forum where everyone agrees about everything would be very boring.

So I don't know how to clarify this anymore than I already have. I am just discussing your points, it's not a personal attack.

Phishing in itself is obviously a technical attack, for it uses technical shit as in setting up a site.

The attack isn't happening on a technical level though. While it uses technical things, the exploit is purely on the person. A similar thing would be someone calling you on the phone and pretending to be someone working for your bank. While it uses a phone(technical), the exploit is on the person. This is the same for phishing. It uses a website as a medium to exploit the person.

If you are using some way of routing their traffic to your site, then I don't see how SE comes into play.

I would say that would be a mix of SE and a technical attack. The technical attack would be the routing of the traffic and the SE would be the person believing that the phishing site is legitimate. Even if the fake site has everything the real site, even the domain name the same( like through some DNS exploit). The part where the user believes that the form is legitimate is exploiting the fact that a normal person doesn't go to extreme(IE ridiculous) lengths to verify the forms they put their info in.

@wallshadow

Ah, ok. I admit I was being a little rude, so sorry about that, but I sort of thought you were trying to troll me in some way.

[mShred]

The butthurt comment wasn't directed to you, it was a global comment. But now, after seeing that you clearly are a smidge butthurt, I say to you: No need to get so butthurt.
Anyway, going back to refuting your argument,

The attack isn't happening on a technical level though. While it uses technical things, the exploit is purely on the person.

This would be true for almost anything. That's like saying having some magic program that infects all computers everytime they're turned on would be social engineering. Just because the person is involved, doesn't mean it would be SE. SE requires there to be some sort of engineering to be done socially.. With social contact. Because that's what social means. I see where you stand on the fact that the person is still thinking the site is legit, but if that were the case then any kind of attack, in any situation, would be some sort of SE. And that just isn't what social engineering is.. You see where we're getting at here? Or at least where I'm getting at, idunno where everyone else stands on this.

[NukkaXsplasH]

My 2 cents

When it comes to phishing, I think of people spoofing banks or companies. Using email or phone to manipulate someone to provide sensitive information to their "bank" or "facebook" login. They can use subjects like "Oh you have won a sweepstakes!" or "Your account will be canceled if you don't provide such information".

When it comes to social engeneering, I think of people having a conversation over the phone, in person, or email, manipulating them to provide sensitive information. A common example is saying you are an employee of a firm and you lost your account username or account password. Manipulating people and pretending you are someone you are not.

There is a fine line between the two, in this particular case it is pointless trying to distinguish between them.

OP, you got phished into social engeneering. If you use that username for other accounts, I would recommend changing the passwords if they are the same. I would also contact Sony and tell them your account is compromised, since you most likely have a stored credit card, that is compromised as well.

[LoGiCaL__]

How is this not social? What category would you place phishing under then?

I'll probably keep it in the category that it's already in. Phishing.

In a normal SE situation, someone acts as an authority figure to get information from a user. In phishing a web page acts as an authority figure(IE the real website) to get the information from the user. I don't see how these are different.

How is that social engineering? That could be easily done with just a email list and some naive users. Also, some good design skillz. No contact would ever have to be made at all. Now you could use social engineering to assist in the phishing part of the attack by tricking some smarter users to go and visit a link/qr-code or whatnot. But when it comes to the actual phishing part you're somewhere doing something completely else.

Note: One of the worst parts about written communication is you can't hear my tone. So to be clear, I mean this in a completely friendly manner.

All good. Anyway, this thread has been severely jacked up lol from the OP.