Tuesday, January 19, 2021

Cyber Security | What is Social Engineering

 Social Engineering

When personal information is collected from someone through deception rather than technical hacking, it is called social engineering. Techniques used for social engineering include:

  • A phishing attack
  • Phone spoofing or SMS spoofing

Social engineering has proven a very effective way for an attacker to get into your organization or network. Once a social engineer has a trusted employee's password, he can simply log in and snoop around for sensitive data. With an access card or code to physically get inside a facility, the criminal can access data, steal assets or even harm people.

A good way to get a sense of what social engineering tactics you should look out for is to know about what's been used in the past.

  • Offer something sweet
  • Fake it until successful
  • Act like you are in charge

Tips to avoid social engineering:

  • Train yourself or conduct a security awareness drive.
  • Brief peers or friends about any suspected attack.
  • Test the phishing reporting system and incident management.

Social engineering attacks can be grouped into three types:

  • Human-based
  • Mobile-based
  • Computer-based

Human-Based Attacks:

The attacker may act as a legitimate user and request information, or pose as a higher authority and ask for sensitive information. They try to gather sensitive and confidential details.

Tailgating: When an authorized person enters a restricted area, the unauthorized person also enters the restricted area without the employee’s knowledge.

Piggybacking: Here the attacker may pose as an employee and ask the authorized employee to let him enter along with them. He may give fake reasons, such as having forgotten his smart badge.

Dumpster Diving: Any confidential or sensitive document should be properly shredded before being disposed of in the dustbin. If not, an attacker may just look into the dustbin to access the confidential information.

Eavesdropping: Unauthorized listening to conversations, thereby collecting important data, is called eavesdropping.

Shoulder surfing: It is a direct observation technique, like looking over someone’s shoulder to learn sensitive information such as passwords, PIN numbers, etc.


-DR

1 comment:

  1. I am very much pleased with the contents you have mentioned. I wanted to thank you for this great article.
