What is social engineering?
“I need 10k urgently. Please transfer this amount to the account number XXXXXXXXXX,” or “You won the lottery. Click here to claim your prize.” I’m going to assume that you’ve received texts like these from random people or from an online buddy you recently chatted with. Yes, they are mostly scammers who commit fraud via social engineering. Here is a piece of writing about social engineering.
Social Engineering Definition
Social engineering is a method of “hacking” human beings: it uses psychological manipulation to gain the target’s trust so that they share sensitive information, such as passwords or personal details, that can be used to access data or systems.
Social engineers, sometimes known as human hackers, use various techniques to convince individuals to reveal information.
History of Social Engineering
The First Evidence of Social Engineering in Action: In 1184 B.C., after ten years of what seemed to be an endless battle between the Trojans and the Greeks, the Greeks devised a strategy to beat the Trojans: they built a huge wooden horse and hid some of their army inside it, while making the rest of their army appear to be sailing away. The Trojans thought the Greeks were gone and pulled the wooden statue through their protective barriers as a token of their long-awaited victory, not realising it was a Greek trick.
After dark, the soldiers hidden in the wooden horse crept out and opened the gates surrounding the city, letting in the other members of their armed forces, who had sailed back under the cover of darkness. After that, the Greeks took advantage of the shock to destroy Troy from within, putting an official end to the war.
During the 1900s: Before the term “social engineer” came into use, such people were simply known as “con artists.” George C. Parker was one of the most well-known con artists. In the early 1900s, he sold a number of well-known landmarks, including the Statue of Liberty and the Brooklyn Bridge, to immigrants who had little knowledge of New York City, even though he didn’t own them.
So a con artist is someone who convinces their victim to buy or sell something they are not willing to, without using any high tech at all. However, a skilled con artist who is familiar with networks, computers, and security would be a very dangerous person. The term “social engineers” is often used to describe these hybrid con artists.
The lifecycle of social engineering
Social engineering attacks typically proceed as follows:
- Information gathering: To win the target’s trust, the attacker needs specific details about the target, such as their birth date or phone number. This is simple to do using publicly accessible information, and social engineers frequently monitor social media for material that is particularly exploitable.
- Interaction with the target: During this stage, the attacker contacts the victim directly in an effort to obtain information. Using the information they have gathered, they manipulate the target into willingly revealing information that can be exploited.
- Attack: Social engineers launch their attack using the information they have stealthily gathered. This could mean using stolen passwords to log into systems, committing a typical identity theft, or exploiting the data for one’s own or another’s political purpose.
- Covering the tracks: At this stage, the attacker gets rid of any evidence that could lead to their arrest, such as phone numbers, social media accounts, or other means used to contact the target. Social engineers focus heavily on this stage as well, since it is crucial.
Types of Social Engineering Attacks
Almost all cyberattacks involve social engineering in some way. Attackers who use social engineering frequently employ the following methods:
- Phishing attacks: The attacker poses as a trustworthy source to obtain information from the victim. This can be done via voice, SMS, email, and other methods.
- Baiting: The attacker exploits natural human curiosity to trap victims, for example when they pick up abandoned USB drives or click on URLs that claim to give free discounts.
- Physical intrusions: In this scenario, the attacker approaches the target while disguising themselves as someone legitimate in order to obtain access to unauthorized places or data.
- Pretexting attacks: The term “pretext” refers to “matter offered in explanation,” which means the attacker uses some sort of made-up story to win the victim’s trust before manipulating the victim into revealing sensitive information.
- Tailgating attacks: Also known as piggybacking, these occur when someone attempts to enter an area that is not open to them. The most typical tailgating attack involves sneaking into a restricted area behind someone who has permission to be there. This is frequently done by closely observing them as they enter the building.
- Quid pro quo: A Latin expression meaning “a favour for a favour,” this refers to an attacker promising you help or a reward in exchange for access to sensitive information.
- Scareware attacks: The attacker uses fear to get you to click a link, such as “your system has been infected click in below to download the anti-virus,” in order to infect the system.
- Watering hole attacks: To affect a large number of users at once, watering hole attacks infect popular websites with malware. To uncover holes in particular sites, the attacker must conduct careful research.
Traits of Social Engineering Attacks
Social engineers find loopholes in human emotions and use them against victims to obtain sensitive information. To persuade, they draw on the following feelings in equal measure:
- Fear
- Excitement
- Curiosity
- Anger
- Guilt
- Sadness

Additionally, they create a sense of urgency and trust, which requires extensive research to fully understand the victims' typical behaviours.
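As an added illustration (not part of the original article), the following sketch checks a message for the levers described in this section and reports it when an emotional cue appears together with a requested action. The cue word lists, the `triage` function and the two contrast messages are assumptions made up for this example; the first three samples are messages quoted in this article.

```python
import re

# Cue patterns grouped by the emotional levers and requests this article
# describes. The word lists are illustrative assumptions, not a vetted ruleset.
CUES = {
    "urgency": re.compile(r"\b(urgent(ly)?|immediately|right away|asap)\b", re.I),
    "reward": re.compile(r"\b(won|winner|lottery|prize|free|reward|discount)\b", re.I),
    "fear": re.compile(r"\b(infected|virus|suspended|locked|laid off)\b", re.I),
    "money_request": re.compile(r"\b(transfer|send|wire|pay)\b.*\b(amount|money|account)\b", re.I),
    "call_to_click": re.compile(r"\b(click|download|log ?in|verify)\b", re.I),
}
EMOTIONAL = {"urgency", "reward", "fear"}
ACTION = {"money_request", "call_to_click"}

def triage(message):
    """Return (verdict, sorted cue names) for one message."""
    hits = sorted(name for name, rx in CUES.items() if rx.search(message))
    has_emotion = bool(EMOTIONAL & set(hits))
    has_action = bool(ACTION & set(hits))
    # An emotional lever paired with a requested action is the pattern to stop
    # and verify; either one alone is common in legitimate messages.
    if has_emotion and has_action:
        return "suspicious", hits
    if has_emotion or has_action:
        return "review", hits
    return "no cues", hits

SAMPLES = [
    # Quoted in this article:
    "I need 10k urgently. Please transfer this amount to the account number XXXXXXXXXX",
    "You won the lottery. Click here to claim your prize.",
    "your system has been infected click in below to download the anti-virus",
    # Constructed for contrast:
    "Please download the agenda before Thursday's meeting.",
    "Lunch is at noon on Friday, see you there.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        verdict, hits = triage(text)
        print(f"{verdict:10} {hits} <- {text}")
```

A match is a prompt to verify the request through a separate channel, not proof of fraud, and a keyword list like this will miss lures that are worded differently.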
Examples of Social Engineering Attacks
To attract victims, malware creators use social engineering techniques. Here are a few examples of real-life social engineering attacks:
- Zoom users: At least 50,000 users were impacted by a phishing campaign that targeted employees. The social engineers convinced workers to click a link to a Zoom meeting with HR by exploiting their worry about being laid off. The employees clicked the link and were directed to a fake Zoom login page intended to steal passwords.
- ILOVEYOU: The computer worm ILOVEYOU, which pretended to be a love letter from the sender and had an attachment titled LOVE-LETTER-FOR-YOU.TXT, infected over 10 million Windows personal computers. This malware also employed social engineering techniques, tricking the user into opening the attachment containing the harmful code and so becoming infected.
- Security breaches at Yahoo: Information about Yahoo email users was compromised in two attacks in 2013 and 2014. Spear-phishing was used to carry out the second attack, which targeted a Yahoo engineer. As a result of the person falling for the trap, hackers gained access to the person’s name, email address, phone number, date of birth, and passwords. Additionally, this breach gave hackers access to user accounts without passwords.
How to Prevent Social Engineering Attacks
Here are some points for preventing social engineering attacks:
- Be cautious rather than curious.
- When receiving any suspicious calls, emails, or messages, pay close attention.
- Only open attachments from reliable sources.
- Do not click on any links in emails that offer rewards or winning notifications.
- Only download software from trusted sources.
- Be cautious of requests for help that are made in a hurry.
- Make sure the device has anti-spam and antivirus software.
- Use secure passwords.
- Don’t mention the names of your schools, pets, birthplace, or other identifiable information.
- Use two-factor authentication.
- Never leave the devices unsecured in a public place.
- Keep all software up to date, installing updates as soon as possible.
Happy reading, and I hope this article is helpful…🐾