Wednesday, November 18, 2015

What is Social Engineering ? Introduction to Social engineering


What is Social Engineering?

Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software–that will give them access to your passwords and bank information as well as giving them control over your computer.

Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.  For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).

Security is all about knowing who and what to trust. Knowing when, and when not to, to take a person at their word; when to trust that the person you are communicating with is indeed the person you think you are communicating with; when to trust that a website is or isn’t legitimate; when to trust that the person on the phone is or isn’t legitimate; when providing your information is or isn’t a good idea.


Factors that make companies to vulnerable for Social Engineering

  • Insufficient Security Training
  • Easy of access of information
  • Lack of Security Professionals & Policies
  • Several organizational units

Effectiveness of Social Engineering:

  • Security policies are as strong as their weakest link, and humans are the most susceptible factor.
  • Its is difficult to detect social engineering attempts.
  • There is no method software or hardware for defending against a social engineering attack.
  • There is no specific software or hardware for defending against a social engineering attack.












Phases in Social engineering attacks:

  1. Research on Target Company.
  2. Select Victim.
  3. Develop relationship.
  4. Exploit relationship,

Types of Social Engineering:

1. Human based Social Engineering.

=> Gather Information by interactions directly.

2. Computer based Social Engineering.

=> Perform social engineering by involving the computer.

3. Mobile Based Social Engineering.

=> Perform social engineering by involving the mobile devices.



 download

No comments:

Post a Comment