The most critical part of the security of any system is Users.Most users trust each other.However,this makes them the most vulnerable part of security.Hackers can use this tendency of users to extract valuable information.They use social engineering,a Hacking technique that exploits users trust and uses physical method and psychological tricks,to collect information. To access information about a person,a social engineer must gain the Trust of that person by developing any of the following social engineering techniques: 1)Impersonation 2)Bribery 3)Deception 4)conformity --------------------------------------------- -------------------------------- 𝗜𝗺𝗽𝗲𝗿𝘀𝗼𝗻𝗮𝘁𝗶𝗼𝗻:- impersonation involves posing as a legitimate user or an authorized employee.It is an extremely successful social engineering method.Most people believe that an attacker will not approach them directly for collecting information.How ever,attackers may use this general belief to cheat people while impersonating,a social engineer typically works in one of the following manners: By assuming the role of a person who has the authority to collect information.For example,a social engineer may approach a user as a system administrator or as an IT support executive and ask for passwords. By impersonating the user who has the right to obtain information.for example ,a social engineer may use the name of a legitimate user to call the help-desk and ask for information. --------------------------------------------- --------------------------------- 𝗕𝗿𝗶𝗯𝗲𝗿𝘆:- Bribery is a traditional way of collecting information by manipulating the personal greed of employees of an organization.social engineers use bribery to collect the information about their targets. in this technique,social engineers aim at the following types of employees of the target organization: 1)Employees who do not have long-term interests with the organization. 2)Employees who are dissatisfied with the organization. 3)Employees who are facing financial difficulties. Before attempting to bribe,a social engineer conducts basic research to find out possible target users.In addition to the effort of research,there is a major risk in this technique.An employee who accepts a bribe may still fail to provide relevant information,and then there is no way for the social engineer to extract information.This may cause the social engineer to physically assault and intimidate the employee who had accepted the bribe --------------------------------------------- ----------------------------------- 𝗗𝗲𝗰𝗲𝗽𝘁𝗶𝗼𝗻:- Deception is similar to impersonation.In deception,to collect information,a social engineer tries to join the target organization either as an employee or as a consultant. --------------------------------------------- --------------------------------- 𝗰𝗼𝗻𝗳𝗼𝗿𝗺𝗶𝘁𝘆:- conformity is a technique by which a social engineer convinces a victim that there is no Harm in providing information.The key point in this technique is the social engineers ability to gain the trust of a target user. An attacker choose social engineering techniques according to the situation.for example,a social engineer can use impersonation to collect information from a user or from the help-desk service.However,this technique may not be helpful for collecting confidential information from a system administrator. social engineers may use various communication media to extract and gather information.
Posted on: Sat, 27 Dec 2014 02:08:58 +0000
Trending Topics
Recently Viewed Topics
© 2015