Social engineering, in online Internet marketing, is the act of manipulating consumers into performing actions or divulging confidential information through deception or fraud. Although some techniques of social engineering were used in the past in online Internet marketing, it is not a widely used or accepted practice. In most cases social engineering amounts to fraud. The attacker hardly ever comes in contact with victim. There are some companies that use a form of this in online Internet marketing. The deception or trickery involved with social engineering is used for the purpose of getting personal information, committing fraud, or gaining access to a computer system. This is the reason why most online Internet marketing companies will not do social engineering and is used mostly by people whose intent is to commit fraud. To obtain this information from a consumer, most attackers will use a method that was popular at one time in online Internet marketing called Phishing. Phishing is the act of committing social engineering to fraudulently obtain a consumer's private information. Phishing is also used to fraudulently obtain a company's information also. The attacker will usually send an email that looks like it came from a legitimate company such as a bank or credit card company including their company letter head and logo. The consumer or victim is asked to verify some information and told of the importance of doing so immediately. The phishing email will usually provide a link that takes the consumer to a web page that looks like the real company, but is really a fake. There is a form awaiting the consumer asking for personal information like home address and pin numbers for ATM and credit cards. Phishers use the online Internet marketing technique of spamming to contact a large amount of people with emails, but Phishers use spamming to commit their fraud of social engineering.
Besides using methods similar to online Internet marketing, attackers committing social engineering also use methods like phone phishing, pretexting, baiting, and Quid pro quo. Social engineering committed at large companies is used for phishing consumers' personal information, credit card account information and passwords. Social engineering is also used to hack private company emails where the attacker uses editing software on the email and then tries to extort money. Social engineering in addition is committed to companies and organizations also foe the purpose of trying to destroy their reputation. Because a few of these techniques are similar to some practices used in online Internet marketing at one time, it has given online Internet marketing a bad reputation in certain areas of marketing. As more attackers are using practices like social engineering to commit fraud, online Internet marketing has distanced itself from anything even closely resembling any technique associated with phishing in any way or with social engineering in general. Although there are not worldwide laws concerning social engineering, many individual countries have taken it upon themselves to write laws concerning social engineering. Most good consultants from corporate security companies will use the techniques associated with social engineering to test or audit a company to see what privileged information they can get access to.