Social Engineering - Exploiting the Mind

Author

Vidya Venkat

Last updated October 29, 2016



“Dear Friend, I am stranded here and need to get back to our country. I need a favor because I have been robbed of my bag containing my wallet, mobile phone, return tickets and other valuables. I will like you to lend me a sum of $xxxxx or any amount you can afford to help me come home, so that I can sort out my hotel bills fly back home. I promise, that I pay you back with an extra $xxxxx amount as soon as I return home safe. Kindly let me know if you can be of help”.

“Dear Lucky winner, Congratulations, You have won $1million in the Superior globe Jackpot. Kindly contact our agent immediately, for more details regarding your winning at this number 00000000.”

Sounds familiar? This is social engineering in a nutshell. Despite its name, the term has little to do with the constructive side of engineering or with being social; it is primarily anti-social and destructive in nature. Social engineering is the process of manipulating the human mind into spilling confidential and personal information. It is a well-formulated attack crafted by criminals or hackers to trick people into giving away vital information such as passwords and bank details. Apart from extracting data directly, the hacker may also get a gullible user to install malicious software, which then siphons out the necessary information without the user's realization. This is smart engineering, wherein users release their passwords on their own rather than being hacked.

Types of Social Engineering attacks: Tapping people for details

The hacker interacts with people and gets the necessary details. This can happen in any of the following ways:

  • Pretending to be a valid user of the system, the hacker gains physical access in the guise of a helpful help desk operator. The disguise is difficult to see through, since help desk operators are designated to help employees.
  • An over-enthusiastic colleague could also impersonate someone and gain access to others' systems on the pretext of solving a problem.
  • The hacker can also pretend to be technical support staff from the organization's vendor, explaining that he is troubleshooting a particular issue that requires the user to share their ID and password to resolve the problem. Gullible employees can fall for such requests if they are not alert.
  • Employees can also become victims if they write important passwords and file names on pieces of paper or printouts and leave them unattended, where they can end up in the hands of the hacker.

Gaining access indirectly, through computers

Phishing
Messages that mimic or spoof banks, credit card companies or online shopping companies such as Amazon and eBay are examples of phishing. Requests to verify information, false emails and chats are different ways to capture confidential information. The process is made to look so real that users who are not alert become easy prey for such mails.

Baiting
A free download of a movie or music file embedded with malicious code gives a hacker an easy way to target a victim and obtain specific information. The victim's system is infected with malicious software, which lets the hacker reach deeper into the system.

Online scams
Pop-up windows flashing advertisements tempt victims to download or install virus-laden software without realizing it. Trojans, worms, viruses and password capture form an integral part of the hacker's plan to infect other systems. In addition, baits to share information are laid on social media platforms and job portals, to name a few.

How to protect yourself from potential attacks?

  1. Beware of common tricks played by hackers.
  2. Think twice before sharing confidential information.
  3. Use a paper shredder to destroy papers containing confidential passwords and information.
  4. Set complex passwords which would be difficult to hack.
  5. Make sure your username and password are difficult to crack; this is called two-factor authentication.
  6. Security questions are a way by which a hacker gains additional access. Set stronger security questions.
  7. Be extra careful while using credit cards online. Make sure transactions are happening through a secure portal.
  8. Flush out information from public databases that contain your private confidential information.
  9. Beware of music and movie downloads.
  10. Secure your computing devices by installing appropriate firewall and anti-virus software.

With the above steps in mind, it is important that users are exceptionally alert while surfing online or carrying out important online transactions. Step into the hacker's shoes to understand his motives; it then becomes a lot easier to protect yourself. Because to beat a hacker, think like one! Simplilearn offers a gamut of training courses in IT Security Management and quality training in Certified Ethical Hacking.


About the Author

Vidya Venkat is a Content Writer with Simplilearn. An avid reader with a passion for writing; she has written an eclectic mix of articles based on Biosciences, Technology, Lifeskills for children and the underprivileged. With a heart for travelling, she has also penned travel articles and reviews on Tripadvisor and other travel sites.
