8.1 Social Engineering Concepts

What is Social Engineering?

  • Social engineering is the art of convincing people to reveal confidential information. Common targets of social engineering include help desk personnel, technical support executives, system administrators, etc.
  • Social engineers depend on the fact that people are unaware of how valuable their information is and are careless about protecting it.

Behaviors Vulnerable to Attacks

  • The human tendency to trust is the basis of any social engineering attack.
  • Ignorance about social engineering and its effects among the workforce makes the organization an easy target.
  • Fear of severe losses in case of non-compliance with the social engineer's request.
  • Social engineers lure the targets to divulge information by promising something for nothing (greediness).
  • Targets are asked for help and they comply out of a sense of moral obligation.

Factors that Make Companies Vulnerable to Attacks

  • Insufficient Security Training.
  • Unregulated Access to the Information.
  • Several Organizational Units.
  • Lack of Security Policies.

Why is Social Engineering Effective?

  • Security policies are as strong as their weakest link, and humans are the most susceptible factor.
  • It is difficult to detect social engineering attempts.
  • There is no method to ensure complete security from social engineering attacks.
  • There is no specific software or hardware for defending against a social engineering attack.

Phases in a Social Engineering Attack

  • Research on Target Company: Dumpster diving, websites, employees, a tour of the company, etc.
  • Select Victim: Identify the frustrated employees of the target company.
  • Develop Relationship: Develop a relationship with the selected employees.
  • Exploit the Relationship: Collect sensitive account and financial information, and information about current technologies.
