Social engineering is the hack that requires no knowledge of code. Despite its relative simplicity, the risks associated with social engineering are just as serious as those of the numerous other hacks. Social engineering is the art of manipulating people into doing things, particularly security-related things such as giving away computer access or revealing confidential information. Social engineers use psychological tricks on humans.
Social engineering is the tactic or trick of gaining sensitive information by exploiting basic human nature, such as:
Social engineering is the hardest form of attack to defend against because it cannot be defended with hardware or software alone.
“Rebecca” and “Jessica”
Hackers use the terms “Rebecca” and “Jessica” to denote social engineering attacks.
“Rebecca” and “Jessica” mean a person who is an easy target for social engineering, such as a receptionist of a company.
In many cases, these hackers use small pieces of information to gain trust or access so they can then carry out their cons fully. Here are a few examples:
- A hacker might call saying your credit card has been flagged for unusual activity and the bank needs to verify your information (credit card number, mother’s maiden name, etc.) before issuing a replacement. He or she will offer up the last four digits of your card and perhaps the date and amount of a recent transaction (things easily found in your trash) to gain your confidence and make this sound legit.
- Hackers might even pose as your Facebook friends or other social media connections and then glean information from your profile or your posts.
Social engineering can be categorised as
Gather sensitive information by interaction.
Attacks of this category exploit the trust, fear and helping nature of humans, e.g.:
- Calling as technical support staff and requesting IDs and passwords to retrieve data.
- Surveying a target company to collect information.
- Referring to an important person in the organisation and trying to collect data.
Eavesdropping, or unauthorised listening to conversations or reading of messages
Looking over your shoulder as you enter a password
Searching for sensitive information in the target company’s:
- Trash bin
- Printer trash bin
- User desk for sticky notes
Email sent to many recipients without prior permission, intended for commercial purposes. Irrelevant, unwanted and unsolicited email used to collect financial info, social security numbers, and network information.
Phases in a Social Engineering Attack