Social engineering is defined as the process of obtaining others passwords or personal information by the act of manipulating people rather than by breaking in or using technical cracking techniques.
A good Social engineerer (or as I love to call these types of people, “Bullshit artists”), can make people believe nearly anything.
Here I will show you an example on how social engineering works:
Example 1:
Robert(Hacker) calls Michael and pretends to be a Google employee, Here is the conversation:
Michael: Hi Michael I am Robert a Google employee
Robert: OH How are you doing?
Robert: Me fine. I am here to inform you that Google is performing a security update on all Google accounts and we therefore need to install those securities updates on your account.
Michael: Yes kindly install those security updates.
Robert: Thanks for your interest in our security updates we will require your account password for installing it.
Michael (Victim) has become a victim of social engineering, he will give out his password thinking that the person whom he was chatting was a Google employee.
Note: The Hacker will create an account similar to Googleupdates(at)gmail.com Securityupdates(at)gmail.com. So the victim will feel that the person whom he is chatting is original.
Example 2:
You may receive an email from saying that your computer is infected with virus and to eliminate this virus you need to install a tool. The tool will not eliminate virus from your computer but instead it will give access to your computer and all data stored on it.
Prevention of Social Engineering
As you can probably see above, the power of Social Engineering can easily be used against people. It is always a good idea to be aware of people who you don’t know, but it is also good practice to watch people you do know. Don’t be getting paranoid about things, because that isn’t what i mean, but SE is the EASIEST way to hack anything.
Here are some tips of keeping safe:
I can’t have a complete list, because Social Engineers are constantly changing the ways in which they gain trust.
A few things to look out for:
1. Never give your password or your personal information to any company representative unless and until your are sure about his/her identity.
2. Employees from companies from like Google , Youtube, Hotmail etc will never ask for your password.
3. Never assume that Phone call which appears to come from an organization is original
4. If you are unsure that Email is original verify it by contacting the company.
This post was written with the beginner in mind, and just defines the basics of the Social Engineering techniques.
Posts
0 comments:
Post a Comment