SOCIAL ENGINEERING

4 years ago



  • Social engineering is not new to the hacking world. The renowned hacker Kevin Mitnick helped popularize the term in the IT sector; however, the term originated in the social sciences and was coined by Van Marken in 1894, for whom it referred to those who work on handling human problems.


  • In the IT sector, social engineering refers to the art of extracting confidential information from people in order to gain malicious access and break through security safeguards.


  • The main motive behind social engineering is to gain the target's trust through interaction. Basically, it attacks the user's psychology through pleasant interaction, which leads them to trust the attacker and reveal sensitive information.


  • Hackers use various techniques and practices to carry this out.


SOCIAL ENGINEERING PRACTICES   

The main types of attack that hackers use to obtain information through social engineering are:

1. BAITING


  • This involves luring victims into a trap with baits such as media, links and ads that fascinate them and get them to download something, to which the attackers attach malware and Trojans to corrupt the victim's system.


  • Physical baiting is also done; however, it is not common nowadays. Usually, attackers leave pen drives, printouts of labels etc. on company premises so that someone looks into them out of curiosity.


2. PHISHING

  • It is the most common attack practice, in which fraudulent messages, e-mails and other means of communication are used to steal confidential information and users' data.
  • It involves messages related to offers, bank accounts, money packages etc. in order to impersonate a trusted authority.


3. SPEAR PHISHING


  • The only difference between phishing and spear phishing is that in spear phishing the emails and messages are personally directed at individuals.


  • Here the attacker specially designs emails to intentionally target a single organization or business.


  • Hackers execute this by impersonating a trustworthy contact.


  • Spear phishing needs more effort than phishing. To execute their task skillfully, hackers take more time to create it.

 

4. SCAREWARE


  • Also known as rogue security software or fraudware, scareware is malware that damages the system if installed.


  • This type of malware usually shows pop-up ads and links stating false messages and alerts, which may even look like an error message; when clicked, it either gets downloaded onto the system or simply directs to another window containing the malicious link.


5. PRETEXTING

  • In pretexting, an attacker extracts information from the victim by impersonating a powerful authority.


  • The attacker often poses as a government official to gain sensitive information from the victim.


  • The main way of gaining personal data is by asking for the victim's identity proof.


PRECAUTIONARY MEASURES


  • Don't download files or anything else by insecure means; always use safe websites.


  • Never click on links and videos of unknown origin, and never download uncertified applications.


  • Never provide personal information over the phone if you receive a call. 


  • Beware of emails that ask the user to contact a specific website or link to update the user's information. Never divulge personal or financial information via email.


  • Never enter any personal information in pop-ups. 


  • Install proper security systems that can safeguard your data. Keep your antivirus software up to date.


  • Monitor online accounts regularly to ensure that no unauthorized transactions have been made.


  • Be sure to make online transactions only on websites that use the HTTPS protocol.


  • Perform security checks from time to time.


  • Read articles that provide knowledge about safe browsing.


HAPPY & SAFE BROWSING!!!