- Social engineering is an art of exploiting human behavior to extract confidential information.
- Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it.
- Social engineers attempt to gather:
- Credit card details and social security number
- User names and passwords
- Security products in use
- Operating systems and software versions
- Network layout information
- IP addresses and names of servers
- Social engineering techniques:
- Eavesdropping
- Shoulder surfing
- Dumpster diving
- Impersonation on social networking sites
- Eavesdropping:
- Eavesdropping is unauthorized listening of conversations or reading of messages.
- It is interception of any form of communication such as audio, video, or written.
- Shoulder Surfing:
- Shoulder surfing is a technique, where attackers secretly observes the target to gain critical information
- Attackers gather information such as passwords, personal identification number, account numbers, credit card information, etc.
- Dumpster Diving:
- Dumpster diving is looking for treasure in someone else's trash.
- It involves collection of phone bills, contact information, financial information, operations related information, etc. from the target company's trash bins, printer trash bins, user desk for sticky notes, etc.