First, I would like to explain briefly what it means; then we will go into a bit more depth to understand how and where it happens.
What is a Social Engineering Attack (SEA)?
An attack which hardly requires any tools, in which information is acquired from a victim by gaining the victim's confidence or by analysing the victim's patterns and whereabouts. This information could be used to gain access to systems, networks, accounts, etc.
What you should be more curious about is that this attack does not need any kind of software / hardware flaw; it relies purely on human error, depending on how the attacker plays / baits the victim into their trap.
The above image gives you a brief idea of what the attack cycle looks like. In some cases relationships don't play a role; the attack relies purely on passive analysis and no active presence is required. Still, it depends on the situation and the person.
How is a social engineering attack performed?
Now let's get a peek inside this attack and see how it is performed.
Scenario 1: Let's say I have a friend and, for some reason, I want to log in to his social account because he bluffs about his social life every time. He won't tell me his password for sure, so somehow I need to analyse him and come to a conclusion. Getting his User ID is not a big deal, but the password is what I'm concerned about. After spending a lot of time with him, I get to know what he talks about frequently, what kind of security he can think about, how concerned he is about security, and what kinds of passwords he might use based on his likes and dislikes. Now I have ample data, and I can try to brute-force his login password / try different possible patterns.
Scenario 2: Let's get on with this one, as I had performed SEA when I was in 10th standard. I used to play a lot of games in those days and tried to explore hacking, as it amused me a lot. But my dad was concerned about my studies, and he used to set up a password so that I could not log in and waste much of my time on it. At some points I really had to do some work, like searching for study materials, and sometimes I needed to take some time off from studies. Most of the time my dad used to log in for me, and sometimes he was not present, so he used to dictate the password to me, and once he was home he used to change it again. The first time he revealed the password to me, I made a note of it. The second time, I again made a note of it and tried to find any relation between the two passwords he had set. After a day I guessed the password and BINGO!! I could make a successful login.
A Social Engineering Attack does not only mean using some set of tools to guess a password / sensitive / confidential data. It mostly means setting a trap or guessing / analysing things; later on, maybe we could use some tools to exploit it.
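Both scenarios above end with a password that could be guessed from what the other person already knew: the victim's interests, or an earlier password. As an added example (not from the original post), here is a defender-side check that a password-change form could run, written in Python; the function names, the threshold of 4 and the sample values are assumptions constructed for illustration.

```python
"""Added example: flag new passwords that are guessable from known context."""

# Undo common character substitutions so "T!g3r" is compared as "tiger".
LEET = str.maketrans("013457@$!", "oleastasi")


def normalize(pw: str) -> str:
    return pw.lower().translate(LEET)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_new_password(new, previous, personal_terms, min_distance=4):
    """Return the reasons a password is guessable; an empty list means none found.

    min_distance is an assumed threshold, not a standard value.
    """
    reasons = []
    n = normalize(new)
    # Scenario 2: a "changed" password that is a small edit of an old one.
    if any(edit_distance(n, normalize(old)) < min_distance for old in previous):
        reasons.append("too similar to a previous password")
    # Scenario 1: words an acquaintance would know (pet, city, hobby, ...).
    for term in personal_terms:
        t = normalize(term)
        if len(t) >= 3 and t in n:
            reasons.append(f"contains personal term: {term}")
    return reasons


if __name__ == "__main__":
    # Constructed sample values, not taken from any real account.
    old_passwords = ["Tiger@2019"]
    known_terms = ["tiger", "Mumbai"]
    for candidate in ["Tiger@2020", "mUmb4i#77", "correct-horse-battery-staple"]:
        print(candidate, "->", check_new_password(candidate, old_passwords, known_terms) or "ok")
```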
Some types of attack that fall under Social Engineering Attack
- Phishing Attack
  - One of the most accurate / still working attacks, which is used to hack many accounts. In this attack the attacker tries to create a genuine-looking identity of some legitimate institution / organization / social media site and sends bulk email to the victim(s) / an individual, convincing the victim with legitimate-looking data, and redirects
  - A good example of this would be an attacker who clones the Facebook website and sends the cloned URL / path to the victim, with some manipulation done in between
  - In upcoming posts we will discuss this in detail, so make sure you're subscribed to our channel
- Tailgating
  - Also known as "piggybacking". In this attack the attacker sneaks into a restricted area, which is possible due to a lack of proper authentication
  - In some cases an example could also be that you're entering your ATM PIN / password and someone peeks from behind and memorizes it
- Scareware
  - This attack involves victims being bombarded with false alarms and fictitious threats. Users are led to think that their system is infected with some malware or a virus. It is mostly referred to as deception software, rogue scanner or fraudware
  - A common example is when we visit sites offering free download links for software / movies and, after clicking the link, a new popup window suddenly opens saying that you need to download such-and-such software / application because your PC / device is infected, and so on
In upcoming posts we are going to go into these tricks in depth, and we will also learn some tips on how to stay safe from these attacks; trust me, this is the most important part. Despite the security measures taken these days, accounts are still hacked and misused.
Stay home, stay safe, take care, see you all again!