SOCIAL ENGINEERING
Introduction
In this section I am going to teach you about a simple but dangerous hacking method. Before that, I would like to ask you a question.
Don't worry, it is not a complex question. Have you heard the phrase "Et tu, Brute?"
Yes, the last words of Julius Caesar. Even though several senators stabbed him with knives, the most painful wound might have been the one from Brutus.
Social Engineering is like that: the basic principle of this attack is to exploit trust.
Social Engineering
We can say Social Engineering is the art of convincing people and then exploiting that trust.
As an example, I am 100% sure that you or someone you know has received a phone call from a person who introduced himself as a bank staff member or manager and asked for your bank account number, e-banking password, OTP, CVV number and so on. What will happen if we provide those details? In a few seconds our account will be empty.
Phases of Social Engineering
1. Research Phase
The attacker researches the target company, its employees, website, etc.
2. Select Victim
The attacker identifies a frustrated employee of the company.
3. Develop Relationship
The attacker builds a good relationship with the employee.
4. Exploit Relationship
The attacker collects sensitive account and financial information.
Types of Social Engineering
- Human Based Social Engineering
- Computer Based Social Engineering
- Mobile Based Social Engineering
Human Based Social Engineering
In this method the attacker pretends to be an authorized person and impersonates a legitimate user, either in person or by telephone, email, etc. The attacker tricks the listeners into revealing their sensitive information.
Computer Based Social Engineering
In this method the attacker uses online tricks to collect data, such as phishing pages (good-looking fake pages) that ask you to enter your user ID and password.
E.g. Have you ever seen a notification on your mobile phone that shows the device name and model you use and says there is a virus on your mobile and that you should install this software to remove it, while the phone starts vibrating continuously? If you install this application, it will be malware that helps the attacker hack you.
Mobile Based Social Engineering
In this attack the attacker creates a malicious app with attractive features and a name similar to that of a popular app.
E.g. Google Pay is a popular app. One day you decide to install Google Pay through a link that someone has shared, or from the Play Store, and you install an app called Google Payer, which looks similar to Google Pay and works exactly like it. You provide all your details there, and this information goes to the attacker.
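A defender-side check for the look-alike naming described above, as an added example that is not part of the original post: it compares an app's display name against an allowlist of trusted apps and flags near-matches whose name or package id differs. The allowlist, the package ids, the `check_app` function and the 0.8 threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist: display name -> expected package id.
# The ids are placeholders, not real store identifiers.
TRUSTED_APPS = {
    "Google Pay": "com.example.trusted.googlepay",
    "WhatsApp": "com.example.trusted.whatsapp",
}


def normalize(name):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def check_app(display_name, package_id, trusted=TRUSTED_APPS, threshold=0.8):
    """Classify an app as 'trusted', 'lookalike' or 'unknown'.

    Returns (verdict, closest_trusted_name_or_None).
    """
    cand = normalize(display_name)
    best_name, best_score = None, 0.0
    for name in trusted:
        score = SequenceMatcher(None, cand, normalize(name)).ratio()
        if score > best_score:
            best_name, best_score = name, score

    # Name is not close to anything on the allowlist: nothing to impersonate.
    if best_score < threshold:
        return ("unknown", None)

    # Trusted only when both the name and the package id match exactly.
    if cand == normalize(best_name) and package_id == trusted[best_name]:
        return ("trusted", best_name)

    # Near-identical name, or the right name with the wrong package id.
    return ("lookalike", best_name)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_app("Google Payer", "com.example.unknown.payer"))
    print(check_app("Google Pay", "com.example.trusted.googlepay"))
```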
Counter Measures
- Change passwords periodically
- Avoid guessable passwords
- Provide Training to employees
- Restrict the access privileges
- Classification of Information
Tool Used in Social Engineering: SEToolkit