09 July 2013

Social Engineering

Social engineering

Social Enginerring is the hack that requires no knowledge of code. Despite its relative simplicity the risks associated with social engineering are just as serious as the numerous hacks. Social engineering is the art of manipulating people into doing things, particularly security-related—such as giving away computer access or revealing confidential information.  Social engineers use psychological tricks on humans

ebook download Social Engineering

Social Engineering

Social Engineering is the tactic or trick of gaining  sensitive information by exploiting the basic human nature such as :

Social engineering is the hardest form of attack to defend against because it  cannot be defended with hardware or software alone.

1 Social Engineering

Social Engineering

“Rebecca” and “Jessica”
Hackers uses the term “Rebecca” and “Jessica” to denote social engineering attacks

“Rebecca” and “Jessica” mean a person who is an easy target for social engineering,
such as an receptionist of a company.

In many cases, these hackers use small pieces of information to gain trust or access so they can then carry out their cons fully. Here are a few examples:

  • A hacker might call saying your credit card has been flagged for unusual activity and the bank needs to verify your information (credit card number, mother’s maiden name, etc.) before issuing a replacement. He or she will offer up the last four digits of your card and perhaps the date and amount of a recent transaction (things easily found in your trash) to gain your confidence and make this sound legit.

  • Hackers might even pose as your Facebook friends or other social media connections and then glean information from your profile or your posts

Social Engineering can be  categoriesed as

  • Human Based

Gather sensitive information by interaction.

Attacks of this catogory expolits trust , fear and helping nature of human for eg .

  1. Calls as a technical support staff , and request id & passwords to retrive data.

  2. Survey a target company to collect information

  3. Refer to an important person in the organisation and try to collect data

  • Eavesdropping or unauthorised listening of conversation or reading messages

  • Shoulder surfing

Looking over your shoulder as you enter a password

2 Social Engineering

Shoulder Surfing

  • Dumpster Driving

Search for sensitive information at target company’s

  • Trash bin

  • Printer trash bin

  • User desk for sticky notes

3 Social Engineering

Dumpster Driving

Spam email

Email sent to many recipients without prior permission intended for commercial  purposes. Irrelevant , unwanted and unsolicited email to collect financial info. social security members, and network information

Phases in social Engineering Attack

4 Social Engineering

Phases in social Engineering Attack

Keep Visiting and Enjoy our session on how to start learn hacking


Social Engineering