What is Social Engineering?
In simple terms, this is the act of trying to manipulate someone into giving you information that is crucial and confidential. This could be their personal data, their credentials, or their bank information.
Unlike most hacking, which is technical, social engineering is mainly focused on human beings, not on machines, software or systems. Human beings are said to be the weakest links.
“The weakest link in the security chain is the human element” -Kevin Mitnick
Social engineering can be carried out in two ways: active social engineering and inactive social engineering.
Active social engineering is where you come into contact with the victim and try to get information out of them.
Inactive social engineering is where you find information online that could help you carry out social engineering without coming into contact with the victim.
SOCIAL ENGINEERING LIFE CYCLE
This is the first and the most important phase of the social engineering process. It determines the success of the social engineering process. For a perpetrator to be able to social engineer a person, they must have adequate information about their victim. This makes it easier for them to be trusted by the victim. You have to research and gather as much information about your victim as possible. This could be through keenly following their social trends on social media, googling them to find out more about them, and so on.
ESTABLISHING RELATIONSHIP AND RAPPORT
This is where you come into contact with the victim. This could be physically, through a phone call, or even by sending an email. During this stage, you need to make sure that you gain the victim's trust. This will make the whole process a lot easier for you.
This is where the attacker uses the information gathered and the relationship made in stage 2 to actively infiltrate the victim.
This is done by making sure that there are no suspicions raised.
This is where the attacker's ultimate goal is accomplished. After gaining what they wanted, the attacker brings the relationship to an end without raising any suspicions. The victim must feel like they got something from the process to avoid any suspicions. Finally, you need to cover your tracks, for example by erasing the digital footprints.
TYPES OF SOCIAL ENGINEERING ATTACKS
Quid Pro Quo
Something for something
Pretending to be IT support and offering to fix something on your victim's machine, and in exchange they give you their passwords.
Phishing
Fraudulently obtaining private information.
As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims.
Types of phishing include:
- Vishing: The use of voice to carry out social engineering, for instance a phone call.
- Smishing: The use of SMS.
Baiting
Real-world Trojan horse.
As its name implies, baiting attacks use a false promise to manipulate human greed.
They lure users into a trap that steals their personal information or infects their systems with malware.
WAYS TO PREVENT SOCIAL ENGINEERING
- Don’t open emails and attachments from suspicious sources.
- Use multi-factor authentication.
- Be wary of tempting offers.
- Keep your antivirus/anti malware software updated.
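As an added example (not part of the original article), the Python sketch below turns the first prevention tip into a simple triage check: it flags a raw email that carries an attachment or uses the urgency, fear or curiosity cues described in the phishing section. The cue phrases, the triage function name and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Cue phrases for the three emotions the article names (constructed, not exhaustive).
CUES = {
    "urgency": r"\b(urgent|immediately|act now|final notice|within 24 hours)\b",
    "fear": r"\b(suspended|locked|unauthorized|compromised|legal action)\b",
    "curiosity": r"\b(you won|prize|free gift|exclusive|see who)\b",
}

def triage(raw):
    """Return warning flags for one raw email: attachments first, then cues."""
    msg = message_from_string(raw)
    flags, text = [], msg.get("Subject", "")
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container only, the leaf parts carry the content
        if part.get_filename():
            flags.append("attachment:" + part.get_filename())
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            text += "\n" + body.decode("utf-8", "replace")
    for name, pattern in CUES.items():
        if re.search(pattern, text, re.IGNORECASE):
            flags.append(name)
    return flags

# Constructed sample messages (example.com is a reserved documentation domain).
PHISH = """From: IT Support <support@example.com>
Subject: Urgent: your account will be suspended
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Reset your password immediately to avoid losing access.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.zip"

(constructed placeholder)
--b1--
"""
BENIGN = """From: colleague@example.com
Subject: Lunch on Thursday

Does noon work for you?
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(label, triage(raw))
```

A flag is only a prompt to verify the sender through another channel before opening anything; keyword matching of this kind misses reworded lures and will sometimes flag legitimate mail.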