Social engineering is simply getting people to provide information. It's as easy as making someone smile or creating a fake event to voluntarily give up what the performer wants. First, let's talk about who is using social engineering in the tech world. The best or worst part of social engineering is that most people think that hackers are the only ones using this technology, depending on which side they are on. Sure, hackers use it, but there are people who do it for financial gain.
Let's say someone who works for a tech company contacts you and asks for information about the next "big deal" from the competition. I will pretend to be a painter and help him and tell him that he will provide a painting service at the staff salon. I usually feel good during breaks and lunch, so I think he will talk about various things. Before you start work, do your homework until you find something you want to talk about. When you draw a picture, you start listening to some conversations. A new project is under development and the testing phase should start in a few weeks. For more information, add 2 cents to the conversation. At the end of the day, I inform the people who hired me, give them the information they want, they receive my money, and they leave. It can happen very easily. So who could be the victim of a social engineering attack? Almost everyone, especially when working in a position where friendship is mandatory.
See another example from the receptionist. Suppose someone is trying to access your corporate network and you have access problems. He pretends to be a supplier and delivers the package to the company looking for information. Standing at her reception, she realized she was having a tough day and decided to convey her beauty of herself today with her smile. So what kind of woman doesn't want it? Having cleared the deadlock, I decided to ask about my computer, such as "Which operating system are you using?" Or "Who is your technical support person?" Answering these questions will help suppliers access the corporate network.
Another common form of social engineering is shoulder surfing. Shoulder navigation is when someone walks past your computer and looks at the screen to see what you're seeing. This is a common way to get passwords, PINs, and other information. This Type of Social Engineering Attack is very effective in crowded areas, mostly because no one cares about your behavior. Watching someone dial a phone number on a pay phone, touching the keyboard of a locker rented at the airport, or any other activity done in a public place is all possible information. You can also think of it as social engineering by looking at the license plate number. I'm not saying you are paranoia and you always have to look over your shoulder. I'm just saying that someone always has a chance to get information from you.
Most social engineers are very proficient in their appeal and language. If they look good, they wear the same. If they think someone might provide the information, they continue the conversation. If not, they will finish it immediately and try another day.
Here is a list of some common ways to use social engineering. Of course, this is not a complete list, but some common methods.
· Phone
· Scam tricks
· Back door
· Social media
· Role play
· Shoulder surfing
The general rules are very simple, but not so easy to follow. Do not provide information that no one needs. Why do I need to know the operating system my provider is using? The answer is simple: they don't! If someone starts asking about company employees or information, please politely state that you are not authorized to provide the information. It's not rude to do so. You simply follow the company policy.
The Art of Social Engineering
Social engineering is simply getting people to provide information. It's as easy as making someone smile or creating a fake event to voluntarily give up what the performer wants. First, let's talk about who is using social engineering in the tech world. The best or worst part of social engineering is that most people think that hackers are the only ones using this technology, depending on which side they are on. Sure, hackers use it, but there are people who do it for financial gain.
Let's say someone who works for a tech company contacts you and asks for information about the next "big deal" from the competition. I will pretend to be a painter and help him and tell him that he will provide a painting service at the staff salon. I usually feel good during breaks and lunch, so I think he will talk about various things. Before you start work, do your homework until you find something you want to talk about. When you draw a picture, you start listening to some conversations. A new project is under development and the testing phase should start in a few weeks. For more information, add 2 cents to the conversation. At the end of the day, I inform the people who hired me, give them the information they want, they receive my money, and they leave. It can happen very easily. So who could be the victim of a social engineering attack? Almost everyone, especially when working in a position where friendship is mandatory.
See another example from the receptionist. Suppose someone is trying to access your corporate network and you have access problems. He pretends to be a supplier and delivers the package to the company looking for information. Standing at her reception, she realized she was having a tough day and decided to convey her beauty of herself today with her smile. So what kind of woman doesn't want it? Having cleared the deadlock, I decided to ask about my computer, such as "Which operating system are you using?" Or "Who is your technical support person?" Answering these questions will help suppliers access the corporate network.
Another common form of social engineering is shoulder surfing. Shoulder navigation is when someone walks past your computer and looks at the screen to see what you're seeing. This is a common way to get passwords, PINs, and other information. This Type of Social Engineering Attack is very effective in crowded areas, mostly because no one cares about your behavior. Watching someone dial a phone number on a pay phone, touching the keyboard of a locker rented at the airport, or any other activity done in a public place is all possible information. You can also think of it as social engineering by looking at the license plate number. I'm not saying you are paranoia and you always have to look over your shoulder. I'm just saying that someone always has a chance to get information from you.
Most social engineers are very proficient in their appeal and language. If they look good, they wear the same. If they think someone might provide the information, they continue the conversation. If not, they will finish it immediately and try another day.
Here is a list of some common ways to use social engineering. Of course, this is not a complete list, but some common methods.
· Phone
· Scam tricks
· Back door
· Social media
· Role play
· Shoulder surfing
The general rules are very simple, but not so easy to follow. Do not provide information that no one needs. Why do I need to know the operating system my provider is using? The answer is simple: they don't! If someone starts asking about company employees or information, please politely state that you are not authorized to provide the information. It's not rude to do so. You simply follow the company policy.
Related Articles