How to hack with social engineering

5) Social engineering 


What is Social Engineering?


Social engineering is the art of manipulating users of a computer system to disclose confidential information that can be used to gain unauthorised access to a computer system. The term can also include activities such as using human kindness, greed, and curiosity to gain access to restricted buildings, or allowing users to install backdoor software.

Knowing the tricks used by hackers to trick users into providing important login information is fundamental to securing computer systems.

In this guide, we'll introduce you to general social engineering techniques and how you can come up with security measures to counter them.


Topics covered in this tutorial


• How does social engineering work?
• General methods of social engineering
• Countermeasures against social engineering


How does social engineering work?




HERE,
Gathering Information : This is the first step in learning as much as possible about the alleged victim. Information is collected from company websites, from other publications and sometimes through communication with users of the target system.
Plan of attack : the attackers outline how he / she intends to carry out the attack
Receiving tools . These include computer programs that an attacker would use when launching an attack.
Attack : exploit weaknesses in the target system.
Use the knowledge gained : Information gathered during social engineering tactics, such as pet names, dates of birth of the founders of the organisation, etc., is used in attacks such as guessing passwords.

General methods of social engineering:


Social engineering techniques can take many forms . Below is a list of the most commonly used methods.
Introducing Exploit: Users are less suspicious of people they know. An attacker could become familiar with users of the target system prior to a social engineering attack. An attacker can interact with users while eating, when users smoke, he can join, at social events, etc. This makes the attacker familiar to users. Let's assume that a user works in a building that requires an access code or card to access; an attacker could follow users as they enter such places. Users like to keep the door open the most for an attacker to enter as they are familiar with them. An attacker could also request answers to questions such as where you met your spouse, the name of your high school maths teacher, etc.
Intimidating Circumstances : People tend to avoid people who bully others. Using this technique, an attacker can pretend to have a hot argument over the phone or an accomplice in a scheme. An attacker could then prompt users for information that would be used to compromise the user's system. Most likely, users provide correct answers to avoid confrontation with the attacker. This technique can also be used to avoid being checked at a checkpoint.
Phishing : This technique uses trickery and deception to obtain personal information from users. A social engineer might try to impersonate a genuine website like Yahoo and then ask an unsuspecting user to confirm their account name and password. This method can also be used to obtain credit card information or any other valuable personal information.
Back Door : This technique involves following users as they enter restricted areas. As a courtesy, the user is likely to let the social engineer into the restricted area.
Using human curiosity . Using this technique, a social engineer can intentionally throw a virus-infected flash drive into an area where users can easily grab it. Most likely, the user will connect the flash drive to the computer. The flash drive may automatically launch a virus, or the user may be tempted to open a file with a name such as Employee Reevaluation Report 2013.docx, which may in fact be an infected file.
Harnessing Human Greed : Using this technique, a social engineer can lure a user with promises to make a lot of money online by filling out a form and verifying their details using credit card details, etc.

Countermeasures against social engineering

 


Most of the techniques used by social engineers involve manipulating human prejudices . To resist such practices, the organization can;
To counter the familiarity vulnerability , users must be trained not to replace familiarity with security measures. Even people they are familiar with need to prove that they have permission to access certain areas and information.
To counter scary attacks, users must be trained to identify social engineering techniques that seek out confidential information and politely say no.
To counter phishing techniques , most sites like Yahoo use secure connections to encrypt data and prove they are who they say they are. URL checker can help you detect fake sites . Do not respond to emails that ask you for personal information .
To counter attacks on the tail, users must be trained not to let others use their security permission to gain access to restricted areas. Each user must use their own access permission. 
To counter human curiosity , it is best to send the retrieved flash drives to the system administrators, who must scan them for viruses or other infections, preferably on an isolated machine.
To counter the methods that exploit human greed , employees must be trained in the dangers of falling into such scams.

Summary

◇ Social engineering is the art of using human elements to gain access to unauthorised resources.
◇ Social engineers use a number of techniques to trick users into disclosing sensitive information.
◇ Organisations must have security policies that have social engineering countermeasures.



Previous Post Next Post