Do you think your devices are safe? Do password protection and encryption really work? This blog post sheds light on how social engineers trick us into sharing secret and classified details with them. A social engineer is a person who uses influence and deception to put us in a position where classified information can be extracted for their own benefit. Social engineering is the act of extracting information by understanding human psychology and methodically influencing a person to hand over the details.
In other words, a con artist, but not just any con artist: a deep study of human behavior and body language is involved. It plays an important role in helping them get unauthorized information that would otherwise require secured access. Kevin Mitnick, the world's most renowned black hat hacker, is known for his notorious and extraordinary social engineering tactics, which he used extensively to bring high-profile mobile companies to a halt. Companies such as Motorola, Sony and IBM were some of the targets in his stint as a hacker. After being a fugitive for years, he was imprisoned for 5 years for both wire fraud and computer fraud. He was so lethal in his work that he was put in solitary confinement, as it was said that Kevin could start a nuclear war by whistling into a payphone. Bizarre.
Even after his release from prison, he was under surveillance because of his criminal record. From computer hacking and cloning of cellphone codes to unauthorized hacking of federal computers, Kevin has done it all. After almost a decade of jail time and a ban on using any communication technologies, he started his own security consultancy and spoke extensively at public meet-and-greets; he is also the author of the book The Art of Deception. Surprisingly, had Kevin not showcased his hacking skills in an unauthorized way, the world would have been able to use social engineering strategies in a legitimate way.
Social engineering has had a lot of success in manipulating people who are generally helpful towards other human beings. A potential social engineer will study your usual internet habits and weave a plot accordingly. The following are some classic examples of social engineering strategies that have been around for many years.
Phishing is the most common and the cleverest of all the tactics used by a social engineer. It involves false emails, websites and text messages which appear to be from a legitimate site. A pop-up asking for the login and password for bank account information will redirect to a site created by the attacker. If a social engineer has more specific details about a particular person, the attack is categorized as a spear phishing attack.
Bait (noun): food placed on a hook or in a net to trap prey. Baiting involves enticing you with something you desperately want, for example a music file or a movie to download. The file transfer can lead to malware extracting all classified information or gaining access to your device.
Also known as tailgating. This kind of attack is carried out in person by someone who lacks the authentication needed for access. A social engineer will gain access with the help of an employee working for the same company or in the same building. Tailgating works best in small-scale offices and firms where there are fewer people, and striking up a conversation with any one of the employees can serve as an access ticket.
- Tech talk
This is the simplest way to extract information from anyone who easily trusts another human. Tech talk involves a person who introduces himself as an employee of the company and readily offers to help you with periodic online fraud scams. In reality, they will cleverly ask you to type your login and password into a pop-up window that the hacker has created, and extract them all.
- Whaling attack
A type of phishing attack that specifically targets high-profile dignitaries and social executives. The information is extracted from the bio written on their social websites or the company's website. For example, if a bio reads "A branch Financial Manager, graduated from Brooks University, and an NBA fan", a cleverly made email might invite them to a match and ask them to reserve a spot and proceed with the booking. This format works in a corporate setting, where details are person oriented.
Neuro-linguistic programming (NLP) is a psychological strategy used by social engineers to manipulate the human mind. It deals with a person's neurological processes, language and learned behavior. In other words, a social engineer will read you and behave as though they know you in order to positively influence you, after which getting you to share information and trade secrets is a piece of cake. NLP is gaining success for many reasons, and social engineering is one of them.