In the last blog, we briefly went over social engineering and how it can be used in real life. In this blog, we'll learn what social engineering is.
What is Social Engineering?
We covered social engineering briefly in our last blog; in this blog we will dive deeper into it.
It is a form of psychological manipulation that persuades a person to give up confidential information.
Put simply, we need to manipulate a person into giving up their confidential information by pretending to be someone the person will trust. No one will give us their personal information if they don't trust us, so we pretend to be someone the user or target can trust: a verified and trusted bank, a company, a relative, or others.
In other kinds of exploitation, we use exploits or have to find vulnerabilities. In social engineering, we only fool our target, and the rest of the work is done by the target themselves.
But fooling the victim is not the whole of it. That alone would be hard for us, so we use techniques and tools or software that help us in our journey of social engineering.
You will be using these tools, but to be successful in this field you need to present your attack well. What matters is how well you deceive the target into believing that what you are doing is legitimate.
You can understand social engineering by comparison with penetration testing. In penetration testing, hackers find bugs or vulnerabilities in software; in social engineering, hackers find bugs and vulnerabilities in humans, which can be:
Lust for money
Helping others
Fear
Trusting others
Obedience to authority
It takes advantage of our emotions and manipulates us into performing actions such as:
Clicking on a fraudulent link
Visiting a malicious website
Opening a malicious document
Downloading an app that will steal our data
Organizations invest a lot of money in training their employees, but there are some that don't, and they regret this later.
Irrespective of the security controls that are put in place, end users will ultimately have access to sensitive information that can cause harm to an organization if it falls into the wrong hands.
Curiosity will cause a person to pick up that USB stick lying on the floor and plug it in to see what is on it. Dropping infected USB sticks around a target organization is a common penetration testing technique, and it is also used by attackers.
Social engineering comes in many forms. Some of them are:
Phishing
Pretexting
Spear Phishing
Tailgating
In the next article, we will learn about all of these in detail.