What is Social Engineering? Attacks | Techniques & Prevention




What is Social Engineering?

Social engineering is that the art of manipulating users of a computing system into revealing tip which will be wont to gain unauthorized access to a computer system. It also can involve activities like exploiting human kindness, greed, and interest to realize access to restricted access buildings or getting the users to installing backdoor software.

Knowing the tricks employed by hackers to trick users into releasing vital login information among others is prime in protecting computer systems

In this tutorial, we’ll introduce you to the common social engineering techniques and the way you’ll come up with security measures to counter them.

How social engineering Works?

a)Gather Information: this is often the primary stage, the learns the maximum amount as he can about the intended victim. the knowledge is gathered from company websites, other publications and sometimes by lecture the users of the target system.
b)Plan Attack: The attackers outline how he/she intends to execute the attack
c)Acquire Tools: These include computer programs that an attacker will use when launching the attack.
d)Attack: Exploit the weaknesses within the target system.
e)Use acquired knowledge: Information gathered during the social engineering tactics like pet names, birthdates of the organization founders, etc. is employed in attacks like password guessing.

Common Social Engineering Techniques:




Social engineering techniques can take many forms. the subsequent is that the list of the commonly used techniques.

a)Familiarity Exploit: Users are less suspicious of individuals they’re conversant in . An attacker can familiarize him/herself with the users of the target system before the social engineering attack. The attacker may deal with users during meals, when users are smoking he may join, on social events, etc. This makes the attacker familiar to the users. Let’s suppose that the user works during a building that needs an access code or card to realize access; the attacker may follow the users as they enter such places. The users are most wish to hold the door open for the attacker to travel in as they’re conversant in them. The attacker also can invite answers to questions like where you met your spouse, the name of your high school mathematics teacher , etc. The users are presumably to reveal answers as they trust the familiar face. This information might be wont to hack email accounts and other accounts that ask similar questions if one forgets their password.
b)Intimidating Circumstances: People tend to avoid people that intimidate others around them. Using this system , the attacker may pretend to possess a heated argument on the phone or with an accomplice within the scheme. The attacker may then ask users for information which might be wont to compromise the safety of the users’ system. The users are presumably give the right answers just to avoid having a confrontation with the attacker. this system also can be wont to avoid been checked at a security check point.
c)Phishing: this system uses trickery and deceit to get private data from users. The social engineer may attempt to impersonate a real website like Yahoo then ask the unsuspecting user to verify their account name and password. this system could even be wont to get mastercard information or the other valuable personal data.
d)Tailgating: this system involves following users behind as they enter restricted areas. As a person’s courtesy, the user is presumably to let the social engineer inside the restricted area.
e)Exploiting human curiosity: Using this system , the social engineer may deliberately drop an epidemic infected flash disk in a neighborhood where the users can easily pick it up. The user will presumably plug the flash disk into the pc . The flash disk may auto run the virus, or the user could also be tempted to open a file with a reputation like Employees Revaluation Report 2013.docx which can actually be an infected file.
f)Exploiting human greed: Using this system , the social engineer may lure the user with promises of creating tons of cash online by filling during a form and ensure their details using mastercard details, etc.

Social Engineering Counter Measures

Most methods employed by social engineers involve manipulating human biases. To counter such techniques, a corporation can;




*To counter the familiarity exploit, the users must be instructed to not substitute familiarity with security measures. Even the folks that they’re conversant in must prove that they need the authorization to access certain areas and knowledge .
*To counter intimidating circumstances attacks, users must be instructed to spot social engineering techniques that search for sensitive information and politely say no.
*To counter phishing techniques, most sites like Yahoo use secure connections to encrypt data and prove that they’re who they claim to be. Checking the URL may assist you spot fake sites. Avoid responding to emails that request you to supply personal information.
*To counter tailgating attacks, users must be trained to not let others use their security clearance to realize access to restricted areas. Each user must use their own access clearance.
*To counter techniques that exploit human greed, employees must be trained on the risks of falling for such scams.