Social engineering is the art of tricking someone into giving you something he or she should not. Hackers skilled in social engineering target the help desk, onsite employees, and even contractors. Social engineering is potentially one of the most dangerous attacks, as it does not directly target technology. An organization can have the best firewalls, IDS, network design, authentication system, or access controls and still be successfully attacked by a social engineer. That’s because the attacks target people. To gain a better understanding of how social engineering works, let’s look at the different approaches these attacks use, discuss how these attacks can be person-to-person or computer-to-person, and look at the primary defense against social engineering: policies.
Six Types of Social Engineering
In his book, The Science and Practice of Persuasion, Robert Cialdini describes six types of behavior that produce a positive response to social engineering. These include the following:
1. Scarcity: Works on the belief that something is in short supply. It’s a common technique of marketers: “Buy now; quantities are limited.”
2. Authority: Works on the premise of power. As an example, “Hi, is this the help desk? I work for the senior VP, and he needs his password reset in a hurry!”
3. Liking: Works because we tend to do more for people we like than for people we don’t.
4. Consistency: People like to be consistent. As an example, ask someone a question, and then just pause and continue to look at them. They will want to answer, just to be consistent.
5. Social validation: Based on the idea that if one person does it, others will too. This one you have heard from your kids: “But Dad, everyone else is doing it. Why can’t I?”
6. Reciprocation: If someone gives you a token or small gift, you feel pressured to give something in return.
Knowing the various techniques that social engineers use can go a long way toward defeating their potential hacks. Along with these techniques, it is important to know that they can attack person-to-person or computer-to-person.