Social engineering is a non-technical way for a criminal to collect information on a target. It is the art of gaining entry to buildings, systems or data by exploiting human psychology instead of breaking in or using technical hacking techniques. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into revealing his password. A social engineer usually manipulates people into breaking normal security rules and best practices to gain access to systems, networks or physical locations, or for financial gain.
Social engineers often exploit people's willingness to help, but they also prey on people's weaknesses. For example, an attacker calls an authorized employee with an urgent problem that requires immediate network access. The attacker can appeal to the employee's pride or invoke authority using name-dropping techniques. These are some types of social engineering attacks:
Types of Social Engineering
An attacker calls someone and lies to them in an attempt to gain access to confidential data. For example, an attacker pretends to need personal or financial data to confirm the identity of the recipient.
Quid pro quo
Quid pro quo is when a social engineer requests personal information from a party in exchange for something. For example, a hacker calls random numbers within an organization and pretends to be calling back from tech support. Eventually, the attacker will find someone with a real issue whom they will then pretend to help. In this way, the attacker finds a target and obtains the target's information and password.
An attacker leaves behind a device infected with malware, for example a USB drive. Someone finds the device, picks it up and loads it onto a computer, unintentionally installing the malware.
A criminal attempts to compromise a specific group of people by infecting websites with malware that targets the users who access them.
The social engineer tricks a delivery or courier company into going to the wrong pickup or drop-off location, thus intercepting the transaction.
The social engineer poses as an attractive person to interact with someone online, fakes an online relationship and gathers sensitive information through that relationship.
Tailgating is also known as piggybacking. It is a physical security breach in which an unauthorized person follows an authorized person into secured premises.
Rogue security software is a type of malware that tricks targets into paying for the fake removal of malware.
Social Engineering Tactics
Social engineering tactics include:
- Intimidation – The secretary of a senior official receives a call stating that her/his boss is about to give an important presentation, but the required file is corrupt. The cybercriminal asks for the file to be sent to him via email or other means.
- Consensus – Criminals create a site with fake testimonials promoting a product, indicating that it is safe.
- Scarcity and Urgency – Criminals usually offer a limited opportunity. People take action when they think there is a limited quantity or limited time, and become victims.
- Familiarity/Liking – People will do what another person asks if they like that person.
- Trust – Criminals build a relationship with a victim. For example, posing as a security expert, a criminal calls the victim offering advice and help. While helping, the criminal gets important information from the victim's computer.