
Social Engineering: The Art of Hacking Humans

What is Social Engineering?

Social engineering is a term that is widely used but poorly understood. It’s generally defined as any type of attack that is nontechnical in nature and that involves some type of human interaction, with the goal of trying to trick or coerce a victim into revealing information or violating normal security practices.

Social engineers are interested in gaining information they can use to carry out actions such as identity theft or stealing passwords, or in finding out information for later use. Scams may include trying to make a victim believe the attacker is technical support or someone in authority. An attacker may dress a certain way with the intent of fooling the victim into thinking the person has authority. The end goal of each approach is for the victim to drop their guard or for the attacker to gain enough information to better coordinate and plan a later attack.

 

NOTE: Social engineering is one of the few types of attacks that can be classified as nontechnical in the context of the CEH exam. The attack category relies on the weaknesses or strengths of human beings rather than the application of technology. Human beings have been shown to be very easily manipulated into providing information or other details that may be useful to an attacker.

If it helps, you can think of social engineers in the same context as con artists. Typically, individuals who engage in this type of activity are very good at recognizing telltale signs or behaviors that can be useful in extracting information, such as the following:

Moral Obligation An attacker may prey on a victim’s desire to provide assistance because they feel compelled to do so out of a sense of duty.

Trust Human beings have an inherent tendency to trust others. Social engineers exploit a human’s tendency to trust by using buzzwords or other means. In the case of buzzwords, for example, use of familiar terms may lead a victim to believe that an attacker has insider knowledge of a project or place.

Threats A social engineer may threaten a victim if they do not comply with a request. Will reap tremendous rewards.

Ignorance The reality is that many people do not realize the danger associated with social engineering and don’t recognize it as a threat.

 

WHY DOES SOCIAL ENGINEERING WORK?

Social engineering is effective for a number of reasons, each of which can be remedied or exploited depending on whether you are the defender or the attacker. Let’s take a look at each:

Lack of a Technological Fix Let’s face it, technology can do a lot to fix problems and address security, but at the same time, it can be a source of weakness. One thing that technology has little or no impact on is blunting the effectiveness of social engineering. This is largely because technology can be circumvented or configured incorrectly by human beings.

Insufficient Security Policies The policies that state how information, resources, and other related items should be handled are often incomplete or insufficient at best.

Difficult Detection Social engineering by its very nature can be hard to detect. Think about it: An attacker against technology may leave tracks in a log file or trip an intrusion detection system (IDS), but social engineering probably won’t.

Lack of Training Lack of training or insufficient training about social engineering and how to recognize it can be a big source of problems.

 

“There is no patch for human stupidity”.

 

About Jahanzaib Khan

Jahanzaib Khan is a Web Designer & Ethical Hacker. He has been working since 2014 and has been managing several successful websites on the internet for about 3 years. Jahanzaib-khan.com


15 comments

  1. Brother, I'm your friend from WhatsApp. Brother, you won't teach wifi hacking, so brother, okay, please give me some ideas. Okay, I'll learn from wherever you learned wifi hacking; tell me that website.

  2. Brother, TeamViewer is done, please come back on WhatsApp. Please brother, I am sorry, brother, I won't bother you now. Brother, please help me. Please brother, I'll send the TeamViewer ID and password. Please brother, I am sorry, come on WhatsApp, please, it would be very kind of you.

  3. Please brother, it would be very kind of you, teach me. Please help, brother, come on WhatsApp.
