
Thursday 22 November 2018

What is social engineering attack


What is social engineering Attack?



A social engineering attack is generally regarded as the art of manipulating people into performing actions or giving up confidential information.

In the context of information security, social engineering refers to the psychological manipulation of people into performing tasks or giving up confidential information.

It is different from social engineering within social science, which does not involve the disclosure of confidential information. It is a kind of confidence trick used for the purpose of information gathering, fraud, or system access.

All social engineering attack techniques are based on specific characteristics of human decision-making, which are called cognitive biases. These biases, sometimes called "bugs in the human hardware", are exploited in various combinations to create attack techniques, some of which are listed below.

The attacks used in social engineering can be used to steal employees' confidential information. The most common type of social engineering happens over the phone. Other examples of social engineering attacks are criminals who pose as firefighters and technicians so that they go unnoticed while they steal company secrets.

One example of a social engineering attack is a person who walks into a building and posts an official-looking announcement on the company bulletin board stating that the help desk number has changed.

Then, when employees call for help, the person asks them for their passwords and IDs, thereby gaining the ability to access the company's private information.

Another example of a social engineering attack is a hacker who contacts the target on a social networking site and starts a conversation with the target. Gradually the hacker gains the target's confidence and then uses that trust to gain access to sensitive information such as passwords or bank account details.

Types of Social Engineering Attack

Social engineering attack by Vishing

Vishing, otherwise known as "voice phishing", is the criminal practice of using social engineering over the telephone system to gain access to personal and financial information from the public for the purpose of financial reward. Attackers also employ it for reconnaissance purposes, to collect more detailed intelligence on the targeted organization.

Social engineering attack by Phishing

Phishing is a technique for fraudulently obtaining personal information. Generally, the phisher sends an email that appears to come from a legitimate business (a bank or a credit card company), requesting "verification" of information and warning of some serious consequence if it is not provided. The email usually contains a link to a fraudulent web page that looks legitimate, with the company's logo and content, and has a form requesting everything from a home address to an ATM card PIN or credit card number.

Social engineering attack by Smishing

Smishing is the act of using SMS text messaging to lure victims into a specific course of action. Like phishing, it can involve clicking on a malicious link or revealing information.

Social engineering attack by Spear phishing

Although similar to phishing, spear phishing is a technique that fraudulently obtains personal information by sending highly customized emails to a small number of end users.

This is the main difference from phishing attacks, because phishing campaigns send out a high volume of generalized emails with the expectation that only a few people will reply.

Spear phishing emails, on the other hand, require attackers to do additional research on their targets in order to "trick" end users into performing the requested activities.

The success rate of spear phishing attacks is significantly higher than that of phishing attacks: people open almost 3% of phishing emails, compared to about 70% of spear phishing attempts. Also, when users actually open the emails, phishing emails have a relatively modest 5% success rate at getting the link or attachment clicked, compared to a spear phishing attack's 50% success rate.

Social engineering attack by Water holing

Water holing is a targeted social engineering strategy that capitalizes on the trust users have in the websites they regularly visit. The victim feels safe doing things they would not do in a different situation.

A careful person, for example, might deliberately avoid clicking on a link in an unsolicited email, but the same person will not hesitate to follow a link on a website they often visit. So, the attacker prepares a trap for the unwary prey at a favorite watering hole.

This strategy has been successfully used to gain access to some very secure systems.

Social engineering attack by Baiting

Baiting is like a real-world Trojan horse: it uses physical media and depends on the victim's curiosity or greed. In this attack, attackers leave malware-infected floppy disks, CD-ROMs, or USB flash drives where people will find them, give them legitimate-looking and curiosity-piquing labels, and wait for victims.

Social engineering attack by Tailgating

An attacker seeking entry to a protected area that is secured by unattended, electronic access control, e.g. by RFID card, simply walks in behind a person who has legitimate access.

Following common courtesy, the legitimate person will usually hold the door open for the attacker, or the attacker may ask the employee to open it for them.

The legitimate person may fail to ask for identification for a number of reasons, or may accept a claim that the attacker has forgotten or lost the appropriate identity token. The attacker can also fake the action of presenting an identity token.

Notable social engineers in the world

Kevin Mitnick

Kevin Mitnick is an American computer security consultant, writer, and hacker who is known for his high-profile 1995 arrest and subsequent five-year punishment for various computer and communications-related crimes.

He now runs the security firm Mitnick Security Consulting, LLC, which helps test companies' security strengths, weaknesses and potential flaws. He is also the Chief Hacking Officer of the security awareness training company KnowBe4, as well as an active advisory board member at Zimperium, which develops a mobile intrusion prevention system.

Christopher Hadnagy

Known in the United States as a "Human Hacker" or "People's Hacker", he is the creator and author of SEOPodcast, Social Engineering: The Art of Human Hacking, Unmasking the Social Engineer, Phishing Dark Waters and Social Engineering: The Science of Human Hacking. Hadnagy is a famous public speaker who shares his experience of social engineering across the world.

How to Defend Against Social Engineering Attacks

Verify identities

Do not trust anyone's identity on the phone, in person or on the Internet just because they tell you their name. Remember, a social engineer can be very convincing and has possibly researched the identity he is projecting.

Ideally, authentication should involve three things: who you are, what you have and what you know. This is not always possible over the telephone or the Internet. However, the person who is claiming an identity may possibly meet two of these criteria.

Update your Operating System

Linux or Windows updates are very important, but the operating system is not the only software that should be patched and updated. I believe that it can be difficult to manually check for patches for all your programs, like Flash, Adobe and various web browsers. Fortunately, people have made excellent programs that automatically check your installed software versions against the latest versions available.
