Legality of Blagging and Social Engineering

Blagging and social engineering are both techniques that involve deceiving people to obtain information or achieve a goal. However, there are some key differences between the two.

Blagging is the act of inventing a specific scenario to try and engage with the victim. The scenario will be set up so that it increases the chance that the victim will share their sensitive information or data. For example, a blagger might pose as someone close to you, such as a family member or friend, and ask for your help with a problem.

Social engineering, on the other hand, is a broader term that encompasses a wide range of techniques for deceiving people. These techniques can be used to obtain information, gain access to restricted areas, or persuade people to take actions that they would not normally take. For example, a social engineer might send you a phishing email that appears to be from a legitimate company, asking you to click on a link or download an attachment.

In general, blagging is considered to be a more targeted and personal form of social engineering. It often involves building a relationship with the victim before asking them for information. Social engineering, on the other hand, is often more impersonal and may involve using technology to deceive people.

Legality of blagging

Blagging, the act of obtaining information by deception, often by pretending to be someone you are not or by using false pretenses, is illegal in the UK, where it is a criminal offense under the Data Protection Act 1998. The Data Protection Act 1998 outlines principles that organizations must adhere to when processing personal data. These principles include obtaining personal data fairly and lawfully, only processing it for specified and explicit purposes, and keeping it secure.

Here are the things that are considered blagging according to the law:

  • Obtaining personal data without the data subject's consent: This includes obtaining personal data by pretending to be someone else, by using false pretenses, or by tricking the data subject into giving up their information.
  • Disclosing personal data without the data subject's consent: This includes disclosing personal data to someone who is not authorized to have it, or disclosing it for a purpose that the data subject has not consented to.
  • Procuring the disclosure of personal data without the data subject's consent: This includes persuading or tricking someone into disclosing personal data about another person.

The maximum penalty for blagging is a fine of £5,000. However, the penalty for blagging can be more severe if the offense is committed in connection with another crime, such as fraud or identity theft. In these cases, the offender could be sentenced to up to two years in prison.

Legality of social engineering

Social engineering is not explicitly illegal in the UK. However, there are a number of laws that can be used to prosecute social engineering attacks, depending on the specific circumstances of the case. These laws include:

  • The Computer Misuse Act 1990: This law makes it an offense to access a computer system without authorization or to interfere with the operation of a computer system.
  • The Fraud Act 2006: This law makes it an offense to obtain or retain property by deception or to make a false representation with the intention of making an unlawful gain.
  • The Data Protection Act 2018: This law makes it an offense to obtain or disclose personal data without consent.
  • The Serious Crime Act 2007: This law makes it an offense to incite or conspire to commit an offense.

The maximum penalty for social engineering attacks varies depending on the specific offense. For example, the maximum penalty for accessing a computer system without authorization is two years in prison, while the maximum penalty for fraud is 10 years in prison.