Social hacking describes the act of attempting to manipulate outcomes of social behaviour through orchestrated actions. The general function of social hacking is to gain access to restricted information or to a physical space without proper permission. Most often, social hacking attacks are achieved by impersonating an individual or group who is directly or indirectly known to the victims or by representing an individual or group in a position of authority. This is done through premeditated research and planning to gain victims’ confidence. Social hackers take great measures to present overtones of familiarity and trustworthiness to elicit confidential or personal information. Social hacking is most commonly regarded as a component of “social engineering”.
Although the practice involves exercising control over human behaviour rather than computers, the term "social hacking" is also used in reference to online behaviour and, increasingly, social media activity. The technique can be used in multiple ways that affect public perception and, conversely, increase public awareness of social hacking activity. However, while awareness helps reduce the volume of hacks being carried out, technology has allowed attack tools to become more sophisticated.
Carrying out a social hacking attack involves looking for weaknesses in user behaviour that can be exploited through seemingly legitimate means. Three popular methods of attack include dumpster diving, role playing, and spear-phishing.
Sifting through garbage is a popular tactic for social hackers to recover information about the habits, activities, and interactions of organizations and individuals. Information retrieved from discarded property allows social hackers to create effective profiles of their targets. Personal contact information such as employee titles and phone numbers can be appropriated from discarded phone books or directories and used to gain further technical information such as login data and security passwords. Another advantageous find for social hackers is discarded hardware, especially hard drives that have not been properly scrubbed clean and still contain private and accurate information about corporations or individuals. Since surfing through people’s curbside garbage is not a criminal offence and does not require a warrant, it is a rich resource for social hackers, as well as a legally accessible one. Dumpster diving can yield fruitful, albeit smelly, results for information seekers such as private investigators, stalkers, nosy neighbours, and the police.