How Social Engineering Works (A Basic Summary)
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Here is a little bit of a summary.
This is the first stage. An attacker learns as much as he/she can about the intended victim. The information is gathered from company websites, other publications, and sometimes by talking to the users of the target system.
The attacker outlines how he/she intends to execute the attack.
These include computer programs that an attacker will use when launching the attack.
Use acquired knowledge: information gathered during the social engineering tactics, such as pet names, birthdates of the organization founders, etc., is used in attacks such as password guessing.
To counter the familiarity exploit
Users must be trained not to substitute familiarity for security measures. Even the people that they are familiar with must prove that they have the authorization to access certain areas and information.
To counter intimidating circumstances
Users must be trained to identify social engineering techniques that fish for sensitive information and politely say no.
To counter phishing techniques
Most sites such as Yahoo use secure connections to encrypt data and prove that they are who they claim to be.
Checking the URL may help you spot fake sites. Avoid responding to emails that request you to provide personal information.
To counter tailgating attacks
Users must be trained not to let others use their security clearance to gain access to restricted areas. Each user must use their own access clearance.
To counter human curiosity
It is better to submit picked-up flash disks to system administrators, who should scan them for viruses or other infections, preferably on an isolated machine.
To counter techniques that exploit human greed
Employees must be trained on the dangers of falling for such scams.
Social engineering is the art of exploiting human elements to gain access to unauthorized resources.
Social engineers essentially use a number of techniques to fool the users into revealing sensitive information.
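As an added example (not part of the original post), the URL check described under the phishing countermeasure can be sketched in Python. The trusted list and the sample URLs are constructed, and treating the last two host labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains a user actually expects to sign in to.
TRUSTED_DOMAINS = {"yahoo.com", "example.org"}

def _edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings; an empty list means every check passed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("connection is not encrypted (no https)")
    if parts.username is not None:
        # In https://name@host/ the real site is what follows the '@'.
        warnings.append("text before '@' is not the site name")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host may imitate another name")
    # Trusted only if the host IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return warnings
    warnings.append("host is not on the trusted list")
    registered = ".".join(host.split(".")[-2:])  # assumption: two-label domains
    for d in sorted(trusted):
        if d in host:
            warnings.append(f"'{d}' appears inside a different host")
        elif _edit_distance(registered, d) <= 2:
            warnings.append(f"host resembles '{d}'")
    return warnings

if __name__ == "__main__":
    for sample in ("https://login.yahoo.com/account",
                   "https://yahoo.com.account-verify.example.net/login",
                   "https://yah0o.com/login"):
        print(sample, "->", check_url(sample) or "ok")
```

A check like this only confirms that the address matches a site the user already trusts; it says nothing about sites that are not on the list.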