The use of social engineering tactics has gained popularity over the recent past. This move has been associated with criminal attacks, usually termed as hacking. Various forms of social engineering tactics are used by hackers to exploit individuals, businesses, and other organizations. Usually, the main intentions of social engineering attacks are to manipulate victims into giving useful information such as passwords and bank information. Some of these tactics include phishing, tailgating, baiting, pretexting, whaling, vishing, and quid pro quo, among others.

Social Engineering Tactics

 One of the most common forms of social engineering attacks is phishing. With phishing, the attacker mainly uses short message services (SMS), e-mails, or social media in an attempt to extract information from potential victims (Lord, 2019). E-mail is one most used platforms for phishing. Mainly, the attacker may pose or impersonate a large organization (such as banks or other corporations) profile and tricks the target into following a link to an external website. The target may be asked to change the password and may be called to show the urgency. If the target clicks on the link, they become prone to ransomware attack (Jentzen, 2019)

             One of the recent examples is about Microsoft OneDrive, where attackers lured people into downloading documents from OneDrive  (Jentzen, 2019). The targets were directed to an authentic-looking page that was fake in real sense. They were required to put their credentials from which the attackers were able to capture their login credentials (Jentzen, 2019).

            The other social engineering technique is tailgating. This technique mainly happens in areas that require electronic access  (Nadeem, 2015). An attacker, in this case, can ask one of the people with authorized access to hold the door for them. That way, they gain access to the company’s information systems and execute their attacks. Another method is known as baiting. As the term suggests, this technique aims at exploiting the human mind. Although the method is usually confused with other tactics, this one comes with a promise of something good to the targets.

             A good example entails one whereby an attacker may use a malicious file that is disguised as some sort of software update (Dobran, 2018). The other example that happens in the real world is through the use of infected Universal Serial Bars (USB) devices that are infected with the virus. Baiting then occurs when a member of an organization takes the device and inserts it into the company’s computers, thereby allowing the attacker to access the corporate’s system files (Dobran, 2018).


Hackers Subcultures

            There are various social norms of the hacker subculture, as identified in various findings. One of these norms pertains to secrecy. In consideration of the fact that hacking is an illegal act, secrecy becomes one of the key components of hacker’s subculture  (Nadeem, 2015). Activities related to hacking are kept secrets to avoid unwanted attention, such as that from the criminal justice system (Holt, 2005). Anonymity is, therefore, indispensable as it allows them to conduct their activities through an unidentified character.

            The other norm common with the hacker subculture is technology. Hacking activities require technological presence  (Nadeem, 2015). A deep relationship between technology and the individual allows hacking to take place. An example is whereby the closeness to technology allows individuals to perform tasks and gain a better understanding of the processes related to hacking (Holt, 2005). A such, technology forms a crucial part of the hacker subculture. The third social norm is the art of mastery, which is generally referred to as categorization. As an example, due to the emerging generations of hackers, there are conflicts between the older generations and the new. As such, some hackers are better than others and want to maintain the boundaries (Holt, 2005).

            Law is the fourth component of social norms associated with the hacker subculture. With the law, some hackers may have various disregard for law enforcement  (Nadeem, 2015). Hackers, due to their sophisticated levels of expertise on their activities, fail to operate under regulations set by law enforcement agencies (Holt, 2005). For example, these hackers have their laws that allow distinct activities that otherwise would be punishable by law enforcement agencies if identified.

            The hacker subculture requires knowledge as the other crucial component. With knowledge, individuals can perform high-level tasks with ease (Nadeem, 2015). In the hackers’ society, the ability to perform and communicate in coded languages and understand is a key identification of status (Holt, 2005). For example, hackers can communicate to share knowledge with the wider hackers’ society. Communication is done in coding languages, and for one to understand, they require to be knowledgeable enough. This element forms the fifth component of hackers’ subculture social norms or values.

Stigma and Labels

            According to Goodwyn (2019), there is a sad tone regarding the stories of hacking. This tone can be attributed to the fact that hackers have caused huge issues in various states of the United States, among other cities. In areas where organizations refused to pay ransomware, they had to incur high additional costs to rebuild their systems. However, the larger society has contributed to the stigmatization of hackers through how they identify hackers. Deviant labels have been given to hackers by people who hold social powers. These acts make individuals associated with hacking to increase their rates of these illegal activities (Goodwyn, 2019).


Dobran, B. (2018, October 22). 17 Security experts on how to prevent social engineering attacks. Retrieved February 11, 2020, from PhoenixNap: https://phoenixnap.com/blog/prevent-social-engineering-attacks

Goodwyn, W. (2019, June 9). Ransomware attacks create dilemma for cities: Pay up or resist? Retrieved February 11, 2020, from Npr: https://www.npr.org/2019/07/09/739999730/what-happens-when-hackers-hold-cities-hostage-with-ransomware-attacks

Holt, T. J. (2005, November 22). Hacks, cracks, and crime: An examination of the subculture and social organization of computer hackers. Retrieved February 11, 2020, from University of Missouri, St. Louis: https://irl.umsl.edu/cgi/viewcontent.cgi?article=1617&context=dissertation

Jentzen, A. (2019, May 17). The latest in phishing: May 2019. Retrieved February 10, 2020, from Proofpoint: https://www.proofpoint.com/uk/security-awareness/post/latest-phishing-may-2019

Lord, N. (2019, July 15). Social engineering attacks: Common techniques & how to prevent an attack. Retrieved February 10, 2020, from Data Guardian: https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack

Nadeem, M. S. (2015, December 2). Social Engineering: What is Tailgating? Retrieved February 11, 2020, from Mailfence: https://blog.mailfence.com/what-is-tailgating/