Date: 04-28-2020
Social engineering is a common form of hacking used to gather sensitive information from a target that would otherwise not be disclosed. It relies on psychological triggers and direct interaction with the target to trick them into providing information without realizing it. Just like a conversation, this is not a one-step method; it usually takes several steps to slowly gain the trust of the target so that they reveal what we are looking for.
On average, this is usually a four-step process, as you can see from the diagram below. The first step is to gather information through research or other means. The next step is to hook the victim or victims and try to gain their trust, usually with a believable story, so you may get sensitive information that they would not otherwise reveal. In step three, it is better to give the target some time to process everything and follow up with them later so you can establish a relationship. By doing so you can ask targeted questions to get the answers you are looking for, such as personal information like security codes, PINs, credit card numbers, account access, etc. Lastly, and most likely the most important part, is exiting the interaction without arousing suspicion.
As in every system, the weakest and most vulnerable component is the human element. As humans, we have options: we can disregard rules and offer up information based on logic and/or emotion, both of which can be deceived easily. Unlike with software systems, which are created, it is harder to predict what a user or users think and will do. Because of that, there is no patch or security rule we can apply that can fix or prevent social engineering attacks.
As with computer hacking, there are several types of social engineering attacks. A few we will talk about are baiting, scareware, pretexting, phishing, and spear phishing.
There are several ways to protect yourself from social engineering. We will try to give you an example of how to prevent each attack mentioned above.