Hmmm. I decided to write this blog keeping aside my inhibitions, and I’m happy I am doing it, particularly, this one!
Okay, I assume you would have heard of something called “Social Engineering”. If yes, are you aware that there is no patch for human stupidity with respect to Social engineering? According to me, this is true, as we see many companies/users getting victimized even after many past experiences.
Human beings are weakest links!
Social Engineering is an art of wangling people to reveal confidential information which is not supposed to be told out. It involves gaining the trust of an individual in order to obtain confidential information. Social Engineering is a non technical attack but involves tactics for making a victim get trapped. This is an art of gaining important information about an organization, its employees, systems etc.
Here, the victim can be anybody; where which includes a high possibility of a hacker himself getting victimized at times! This would be possible when the hacker could be a part of a group of friends, and the entire group can be victimized at once, as it is completely based on trust where tricking them emotionally would not be very difficult.
Sometimes, it so happens that in a continuous conversation, we do not even realize that we are revealing personal & confidential information, or end up revealing some hints, which will in turn make the job of a hacker easier, to hack into their extremely personal & confidential information.
Some basic information which can be gathered very easily would include a person’s favorite color, actor, food, car, teacher, best friend etc. It might even include some of the information about childhood, school days or about his/her family. Such information would suffice to an extent in order to hack into any account, as the secret questions to recover the password for any application would mostly involve these.
Let assume, you have become the victim. Now, do you mind answering any questions like your favorite teacher or your pet name or any such questions mentioned above? If you have a very close friend who would try for a social engineering attack does not have to ask you for any such questions, he would be aware of you and your likes and dislikes up to some extent.
Generally if you ask for a piece of sensitive information, people naturally become suspicious immediately. If you pretend you already have the information and give out wrong information, they will frequently correct you unconsciously – thereby rewarding you with the correct piece of information you are looking for.
Social engineering toolkit! No, we do not need a SET to victimize anyone! Real-time hackers do not completely depend on social engineering tool kit.
Preventing Social Engineering:
In my opinion, I don’t think there is any well defined way or application which helps user to prevent social engineering. Different methods are being evolved hence having an eye on different attacks is recommended.
Educating employees of an organization and performing random tests on them might be helpful to identify the mouse traps within the organization, it is recommended not to share their passwords even with their higher authorities or team leaders, let them have an administrator password if access required.
Organizations have to take care of social engineering too, along with other security attacks as it holds more than 50% of share on different attacks.
Frequency of social engineering when compared to other security Attacks.
If you have any methods of preventing social engineering or any other social engineering cases you are aware of (attention-grabbing) please comment. Let others know your experience.