SOCIAL ENGINEERING - the art of exploiting human mind

Image by Darwin Laganzon from Pixabay

In hacking, there is a strategy that is called social engineering. In Social Engineering, cyber attackers manipulate the humans mind for there own benefits. If you want to know more about social engineering attacks and how to protect yourself from it? Read this article.

WHAT IS SOCIAL ENGINEERING?
Social engineering is the art of manipulating human minds usually through technology so peoples make security mistakes and attackers succeed in gaining access to network locations, systems, data, and confidential information, etc. Cyber attackers use social engineering tricks because sometimes it's easier to fool someone to gain confidential information rather than try to hack systems. They exploit human weakness, using confidence trick to complete purpose. It is different from a standard technical hacking and often used by one of many steps in a more complex fraud scheme without or with addition to any technical vulnerabilities. Social engineering attacks work just as well over social media, e-mail, or phone. There only one common thing is they use human nature to their advantage, preying on our greed, curiosity, fear, and our desire to help others.

TYPES OF SOCIAL ENGINEERING:-

• Baiting:- It is a type of social engineering attack depends upon a victim taking the bait. Baiting attacks use a false promise to complete a victim’s greed or curiosity. They bait users into a trap that infects their systems with malware or steals their personal information.
• Pretexting:- Pretexting is the use of an interesting pretext and series of cleverly crafted lies. The attacker usually starts by establishing trust with their victim and pretend to need sensitive information from a victim to perform a critical task.
• Scareware:- This attack involves victims receive false popups, prompt, alarms, and fictitious threats and show users that their system is infected with malware, prompting them to install software that is malware itself. It is also distributed via spam email that shows fake warnings or offers for users to buy harmful and worthless services.
• Inducing fear:- In this attack, attackers pretend to be a third party and alert you to some danger like someone hacked your account, your bank card is deactivated, etc. and asks for your OTP or password to help solve the problem.
• Phishing:- It is the most popular social engineering attack type, phishing scams attempt to convince users that they are in fact from legitimate sources. Phishing scams use email or text message campaigns aimed and crafted to deliver a sense of curiosity, fear, or urgency in victims. It then prods them to open malicious attachments, revealing sensitive information, or clicking on links to malicious websites.
• Spear phishing:- It is like phishing but more targeted version of the phishing scam whereby the attacker chooses a specific individual or organization. Then tailor their messages based on characteristics, contacts, and job positions belonging to victims to make their attack less specific. Spear phishing is harder to detect and has a better success rate if it's done skillfully.
• Vishing:- Vishing is also known as voice phishing it is the voice version of phishing. But otherwise, the scam attempt is the same. Criminal uses of social engineering over the phone to trick and gather financial and personal information from the target.
• Honey trap:- In this attack the attacker pretends to be an attractive person to interact with a victim and create fake online relationships, and gather sensitive information through that relationship.

SOME EXAMPLES OF SOCIAL ENGINEERING:-

• An attacker might leave a USB stick, loaded with malware, in a conspicuous place where potential victims will see it. Victims pick up the USB stick out of curiosity and plug it into a computer to see what’s on it, resulting in automatic malware inject itself into the computer.

• When victims surf the web a legitimate-looking pop-up banner appearing in your browser displaying such text such as "Your computer infected with harmful malware" and offers victims to install the antivirus tool (malware-infected application) or redirect you to a malicious site where your computer becomes infected.

• The attacker usually starts to establish trust with the victim by presenting fake identity of co-workers, bank employees, tax officials, police, or other persons who have right-to-know and ask some questions that are ostensibly required to confirm the victim’s identity, through which they gather login credentials or other important personal data.

• An email sent to the victim of an online service that alerts a required password change. That appears to come from a trusted source including a link to an illegitimate website nearly identical in appearance and asking email recipients to click on a link and enter current credentials and new password. When the victim submits the current credentials So that information is automatically sent to the attacker.

HOW TO PROTECT YOURSELF AGAINST SOCIAL ENGINEERING ATTACKS:-

• Popups, Text, Emails:- Cybercriminals can send you fraudulent emails, text messages, popups, online advertisements. So if it is looking doubtful, don't click on it. Instead, open your internet browser and go to the website directly or contact to company or entity.
• Antivirus:- Using an antivirus program is like adding an extra layer of security to our system because it detects a Virus, Backdoor, Malware, Trojan and helps us to remove them from our system. Make sure you should always update your antivirus to the latest version. 
• Multifactor authentication:- In two-factor authentication you receive a separate code on your registered email or mobile no when you try to login to your account. Nowadays many websites providing two-factor authentication. That enables an extra layer of security for you. If you have an option of two-factor authentication so enable it.
• Tempting offers:- If an offer looks too enticing, think before accepting it as fact.  Searching the topic on the internet can help you to determine whether you’re dealing with a legitimate offer or a trap.
• Lock:- Lock your laptop or desktop whenever you are going away from them.
• Inform:- Keep yourself and every employee of your organization informed about what is social engineering and the latest techniques.
• Spam Email:- Always turn on spam filters option of email program to filter out as much junk mail as possible.

Conclusion:- This article is all about Social engineering. Feel free to ask in the comment section if you have any queries.