Thursday, August 20, 2020

Social Engineering

You spent millions of dollars and still got hacked, even though your servers were running the latest security updates and patches and were completely hardened? Then it might have been a social engineering attack.


Remember the movie "Catch Me If You Can"? Frank Abagnale Jr. used social engineering throughout almost the whole movie.

There is no single security mechanism or technical control that can prevent the social engineering techniques used by attackers. Only educating employees on how to recognize and respond to social engineering attacks can minimize attackers' chances of success. Before going ahead with this module, let's first discuss various social engineering concepts.

 

What is Social Engineering?

Social engineering is the art of convincing people to reveal confidential information.
Common targets of social engineering include help desk personnel, technical support executives, system admins, etc.
Social engineering depends on the fact that people are unaware of the value of their information and are careless about protecting it.

Impact of Attack on Organization 
  1. Economic losses 
  2. Damage of goodwill 
  3. Loss of privacy
  4. Dangers of terrorism 
  5. Lawsuits and arbitration 
  6. Temporary or permanent closure
Factors that Make Companies Vulnerable to Attacks
  • Insufficient security training 
  • Unregulated access to the information
  • Several organization units
  • Lack of security policies
Why is Social Engineering Effective?
  • Security policies are as strong as their weakest link, and humans are the most susceptible factor
  • It is difficult to detect social engineering attempts
  • There is no method that can be applied to ensure complete security from social engineering attacks
  • There is no specific software or hardware for defending against a social engineering attack
Phases of a Social Engineering Attack
  • Research on Target Company {Dumpster diving, websites, employees, tour company, etc.}
  • Select Victim {Identify the frustrated employees of the target company}
  • Develop Relationship {With the victim in order to gain their trust}
  • Exploit the Relationship {Collect sensitive account and financial information, and current technologies}
Types of Social Engineering 
  • Human-based Social Engineering:
>>>Gathers sensitive information by interaction
>>>Techniques: Impersonation, Vishing, Shoulder Surfing, Reverse Social Engineering, Dumpster Diving, Piggybacking, etc.
  • Computer-based Social Engineering:
>>>Social engineering is carried out with the help of computers
>>>Techniques: Phishing, Spam Mail, Pop-up Window Attack, Instant Chat Messenger
  • Mobile-based Social Engineering:
>>>It is carried out with the help of mobile applications
>>>Techniques: Publishing Malicious Apps, Repackaging Legitimate Apps, Using Fake Security Applications, SMiShing (SMS Phishing)
   

 
