What is social engineering?
Social engineering is the art of manipulating the users of a computer system into revealing confidential information that can be used to gain unauthorized access to that system. The term may also cover activities such as exploiting human kindness, greed and curiosity to get into access-restricted buildings, or getting users to install backdoor software.
Knowing the tricks hackers use to get users to give up important login information, among other things, is necessary to protect computer systems.
In this tutorial, we will introduce you to common social engineering techniques and how you can devise security measures to counter them.
Topics covered in this tutorial
How does social engineering work?
General Social Engineering Techniques
Social Engineering Countermeasures
How does social engineering work?
Gather information: This is the first stage, in which the attacker learns as much as possible about the intended victim. The information is gathered from company websites, other publications, and sometimes by talking to users of the target system.
Plan the attack: The attacker outlines how they intend to carry out the attack.
Acquire tools: These include the computer programs that an attacker will use when launching the attack.
Attack: The attacker exploits the weaknesses in the target system.
Use acquired knowledge: Information gathered during the social engineering steps, such as pet names, birth dates of the founders of the organization, etc., is used in attacks such as password guessing.
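Because facts such as pet names and birth dates feed password guessing, a password-change form can refuse passwords built from what is already on file about the user. The check below is an added example, not part of the original tutorial; the function names, the substitution table and the sample profile are assumptions constructed for illustration.

```python
import re
from datetime import date

# Undo common character substitutions before comparing words (constructed mapping).
LEET = str.maketrans("013457@$!", "oieastasi")

def squash(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def date_forms(d):
    """Digit strings people commonly build from a date."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {yyyy, dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd,
            dd + mm + yy, mm + dd + yy, yy + mm + dd}

def personal_hits(password, facts):
    """Return the sorted labels of profile facts that appear inside the password."""
    plain = squash(password)                   # separators removed, digits kept
    unleet = squash(password.translate(LEET))  # "B1scu1t" becomes "biscuit"
    hits = set()
    for label, value in facts.items():
        if isinstance(value, date):
            if any(form in plain for form in date_forms(value)):
                hits.add(label)
            continue
        # Words shorter than 3 characters are skipped to limit false positives.
        for word in re.split(r"[^a-z0-9]+", value.lower()):
            if len(word) >= 3 and (word in plain or word in unleet):
                hits.add(label)
    return sorted(hits)

# Constructed sample profile; a real system would load this from its own records.
SAMPLE_FACTS = {
    "pet": "Biscuit",
    "founder_birth": date(1984, 3, 12),
    "school": "Hillcrest High",
}

if __name__ == "__main__":
    for candidate in ("B1scu1t!2024", "hillcrest-12/03/84", "correct horse battery staple"):
        print(candidate, "->", personal_hits(candidate, SAMPLE_FACTS) or "no personal facts found")
```

A non-empty result means the password should be rejected and the user asked to choose one that does not reuse those facts.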
Common Social Engineering Techniques:
Social engineering techniques can take many forms. The following is a list of commonly used techniques.
Exploiting familiarity: Users are less suspicious of people they are familiar with. An attacker may familiarize themselves with users of the target system before the social engineering attack. The attacker may interact with users during meals, join them when they are smoking, at social events, etc. This makes the attacker familiar to the users. Suppose the user works in a building that needs an access code or card to gain access; the attacker can follow the users as they enter such places. The users are likely to hold the door open for the attacker, as they are familiar with them. The attacker can also ask for answers to questions such as where you met your spouse, the name of your high school math teacher, etc. Users are likely to reveal the answers because they trust a familiar face. This information can be used to hack email accounts and other accounts that ask similar questions if you forget your password.
Intimidating circumstances: People tend to avoid people who intimidate others around them. Using this technique, the attacker may pretend to have a heated argument over the phone or with an accomplice in the scheme. The attacker can then ask users for information that will be used to compromise the security of the users' system. The users are likely to give the correct answers just to avoid a confrontation with the attacker. This technique can also be used to avoid being checked at a security checkpoint.
Phishing: This technique uses trickery and deceit to obtain private data from users. Social engineers may try to impersonate a genuine website such as Yahoo and then ask the unsuspecting user to confirm their account name and password. This technique can also be used to obtain credit card information or any other valuable personal information.
Tailgating: This technique involves following users as they enter restricted areas. As a matter of human courtesy, the user is very likely to let the social engineer into the restricted area.
Exploiting human curiosity: Using this technique, social engineers can intentionally leave a flash disk infected with a virus in an area where users can easily pick it up. Most likely, the user will plug the flash disk into a computer. The flash disk may run the virus automatically, or the user may be tempted to open a file, such as the Employee Revival Report 2013.docx, which may actually be an infected file.
Exploiting human greed: Using this technique, the social engineer can lure the user with the promise of making a lot of money online by filling in a form and verifying it using their data.