
SOCIAL ENGINEERING

What is Social Engineering?

Social engineering is the term used for a broad range of malicious activities accomplished through human interaction: the psychological manipulation of people into performing actions or divulging confidential information. In other words, the attacker obtains the required data by manipulating the human mind rather than the machine.

Social Engineering Lifecycle

Information Gathering

  • Gather the required information to attack the target.
  • Use OSINT to gather information.
  • Extract information from Google search.
  • Prioritize the information.
  • Verify the information.
  • Plan the attack.

Establishing a Relationship with the Target

  • Engage with the target.
  • Create a story (the pretext).
  • Interact with the target.

Exploitation

  • Maintain the story.
  • Extract information.

Exit

  • Close the interaction.
  • Cover tracks.

Traits of Social Engineering Attacks

Social engineering attacks center around the attacker's use of persuasion and confidence.

Heightened emotions: emotional manipulation gives attackers the upper hand in any interaction. The following emotions are all used, in equal measure, to convince you:

  • Fear
  • Excitement
  • Curiosity
  • Anger
  • Guilt
  • Sadness

Social engineering comes in many forms.

Phishing Attacks

Phishing scams are the most popular type of social engineering attack: email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims.

Spear phishing requires more effort from the attacker's side, as they need to perform a full OSINT investigation on the victim(s), research everything surrounding them and customize the email. This makes it much harder to distinguish from a legitimate email and raises the attacker's chances of succeeding.

Vishing Attacks

Vishing uses phone calls to trick people into giving away their private data. The attacker creates a fake phone number, calls an individual posing as a bank or some other service provider, and asks for their credentials or bank account details.

Baiting Attacks

Baiting abuses your natural curiosity to coax you into exposing yourself to an attacker.

Popular methods of baiting include:

  • USB drives left in public spaces, like libraries and parking lots.
  • Email attachments including details of a free offer, or fraudulent free software.

Physical Breach Attacks

Physical breaches involve attackers appearing in-person, posing as someone legitimate to gain access to otherwise unauthorized areas or information.

Pretexting

Pretexting may be hard to distinguish from other types of social engineering attacks. It can be performed over different attack vectors, including email, phone calls or even face-to-face communication.

Access Tailgating Attacks

Tailgating is the act of trailing an authorized staff member into a restricted-access area. Attackers may play on social courtesy to get you to hold the door for them or convince you that they are also authorized to be in the area.

Scareware Attacks

Scareware is a form of malware used to frighten you into taking an action. Scareware is often seen in pop-ups that tell the target their machine has been infected with viruses.

Social engineering is not only a virtual threat; it also affects physical security.

The friendly guy carrying the donut boxes, for whom you just held the door open, could be a hacker in disguise who sneakily plugs a USB Ninja Cable into a company computer and injects malicious software when no one is looking.

Examples of Social Engineering Attacks

Worm Attacks

A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

  • The LoveLetter worm that overloaded many companies’ email servers in 2000. Victims received an email that invited them to open the attached love letter. When they opened the attached file, the worm copied itself to all of the contacts in the victim’s address book. This worm is still regarded as one of the most devastating, in terms of the financial damage that it inflicted.
  • The Mydoom email worm — which appeared on the Internet in January 2004 — used texts that imitated technical messages issued by the mail server.
  • The Swen worm passed itself off as a message that had been sent from Microsoft. It claimed that the attachment was a patch that would remove Windows vulnerabilities. It’s hardly surprising that many people took the claim seriously and tried to install the bogus security patch — even though it was really a worm.

Tools Used in Social Engineering

  • Lock picks
  • Button camera
  • Hat camera
  • Recorders
  • GPS tracker
  • HackSearch Pro plugin
  • Shodan
  • Peekyou
  • Maltego
  • Social Engineering Toolkit
  • Common User Password Profiler
  • Spoofcard
  • Unshredder
  • Metagoofil

How to Prevent Social Engineering Attacks?

Online communication is where you're especially vulnerable. Social media, email and text messages are common targets, but you'll also want to account for in-person interactions.

  • Don't open emails, messages or attachments from suspicious sources.
  • Use multi-factor authentication.
  • Use strong passwords (and a password manager).
  • Avoid sharing the names of your schools, pets, place of birth, or other personal details.
  • Be very cautious about building online-only friendships.
  • Never let strangers connect to your primary Wi-Fi network.
  • Keep your antivirus/antimalware software updated.
  • Use a VPN.
  • Keep all network-connected devices and services secure.
  • Don't ever leave your devices unsecured in public.
  • Be wary of tempting offers.
  • Learn to identify the fake.
