Social Engineering
Unit outline:
Introduction of Social engineering.
The goal of social engineering.
Types of social engineering attacks.
Famous people in social engineering.
Unit objective:
Explanation the meaning of social engineering.
Explanation the tricks used in social engineering.
Explanation the techniques used in social engineering.
3.1 Introduction:
Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. Trusted people can fail to be trustworthy when it comes to protecting their aperture of access to secure computer systems due to inadequate education, negligence, and various social pressures. The people always Weaker than you imagine, wish to mean the professional people can get the information from the victim to be able to hack the account. Such attacks can occur on both a physical and psychological level. Often the victim feels safe so that he does not know how dangerous the situation. Psychology is often used to create a rushed or officious ambiance that helps the social engineer to cajole information about accessing the system from an employee.
3.2 The goal of social engineering:
It is access to the unauthorized system has access to it, or get information by deception or snooping on the network or to spy on the production line, impersonate or disable the system or network.
3.3 Types of social engineering attacks:
3.3.1 Human-based:
This is the unauthorized listening to of communication between two people to be able to get some information help the hacker to attack your account. For Example: the hacker makes a conversation with the victim to get the information to attack the computer in the future.
3.3.2 Computer-based:
Looking through the trash for sensitive information. The hacker can often find passwords, file names, or other.
For Example: the hacker uses your computer to get some password to be able to attack your computer in the future.
3.4 Social Engineering by Phone:
The most prevalent type of social engineering attack is conducted by phone. The hacker call the victim using phone as a service company or bank employ etc… , than the victim well believe that then hacker can get information how can access for victim account. For example let say the hacker is person A and the victim is person B, A well call B Claiming that he is an employee at the bank and wants information about the victim providing a fun service, when B give A a information about him than A well Access to B account than can stall his money.
3.5 Dumpster Diving:
“company phone books, organizational charts, memos, company policy manuals, calendars of meetings, events and vacations, system manuals, printouts of sensitive data or login names and passwords, printouts of source code, disks and tapes, company letterhead and memo forms, and outdated hardware.” For Example: If the victim sold, his phone but he did not format his phone than the hacker can buy his phone and stall his information our social media account. Another example: If the victim threw the papers, into the garbage and these papers has an important information like (Figure 3.3) about his company than the hacker can take these papers and hack the company using the information in these papers.
3.6 Reverse Social Engineering:
A final, more advanced method of gaining illicit information is know as “reverse social engineering”. This is when the hacker creates a persona that appears to be in a position of authority, so that employees will ask him for information, rather than the other way around. If researched, planned and executed well, reverse social engineering attacks may offer the hacker an even better chance of obtaining valuable data from the employees; however, this requires a great deal of preparation, research, and pre-hacking to pull off. For example: the hacker make a Virtual page on the Internet like Gmail login like (Figure 3.4), than the victim use this page to login for his account than his Email and password send directly to the hacker.
3.7 Famous people in social engineering:
In 1999 Ramy Badir, Muzher Badir and Shade Badir have 44 charges made against them for crimes such as telecommunications fraud, computer data theft and impersonating a police officer. Despite being blind from birth, these three brothers used social engineering and hacking techniques to swindle as much as $2 million from their victims.
3.8 Conclusion:
In conclusion, the hacker people use many different why to hack your computer, or your account. This kind of people need to avoid them to protect yourself, nowadays social engineering become as a new style of the hacker because many people do not know any think about social engineering, wish mean all this become a danger for you, also when the technology develop every day, that mean the dangers become high every day.
3.9 Unit review:
social engineering Depend on?
……………………………………………………………………………………………………………………………………………………
Stanley Mark Stole the bank in?
..............................................................................................................................................................................................................................................................................................
How much money Stanley Mark stole from the bank?
……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
Social Engineering by Phone depend on?
…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………...
Get the information from the garbage is a part of?
…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………..
What is the goal of social engineering ?
……………………………………………………………………………………………………………………………………………………………………………………
Reference:
Jackson, W. A. (1994). Gunnar Myrdal and America's conscience: Social engineering and racial liberalism, 1938-1987. UNC Press Books.
Orgill, G. L., Romney, G. W., Bailey, M. G., & Orgill, P. M. (2004, October). The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems. In Proceedings of the 5th conference on Information technology education (pp. 177-181). ACM.
