What is Social Engineering? Social Engineering Types and Prevention





Have you ever heard the term Social Engineering? If not, don't worry. In this article I will give you full information about Social Engineering: what it is, its types, and how to prevent it.


You must have heard that everything in this world that is connected to the internet can be hacked. That is indeed possible. We humans are also connected to it, directly or indirectly. In today's world, data has become very crucial.


You are no longer private in this era; you are totally public. Yes, you are public. Anyone who can access your phone can get all the information about you, i.e. your likes, dislikes, interests, places you visited, etc. Every single piece of information can be accessed using that device.


Did you know that Google has full access to your mobile phone? If you visit Amazon and search for something, say shoes, you will notice that any blog or website you visit later shows the same Amazon product. If you haven't noticed, just check it once.


When you save photos to Google Photos or Drive, you must have seen that the location of the place also gets stored along with the photo. In this way we are fully exposed to the internet world. The fact below is 100% true.

There is NO Place to HIDE on INTERNET

Suppose this is the case, i.e. someone has accessed your mobile or PC and has stolen all your data. What will happen then? You won't be able to breathe properly. Suppose the hacker then calls you and threatens you into doing certain things. What will you do?


Without thinking even for a second you will carry out his order, because your private data is more important. So, simply, the hacker has hacked you. This is what we call Social Engineering.


I found it very interesting, so I thought you should be given complete information about what Social Engineering is, its types, and its prevention. I request you all to read the full article to get complete information about Social Engineering. If you find the same happening to you, then you should take the steps that I mention in this article. So let us start today's article on what Social Engineering is.


Table of Contents :

What is Social Engineering? The Art of Human Hacking

Type of Social Engineering or Social Engineering Techniques
  i.) Baiting
  ii.) Scareware
  iii.) Pretexting
  iv.) Phishing
  v.) Spear Phishing

How to Prevent Yourself from Social Engineering Attacks?

One Last thing to Remember about Social Engineering

Conclusion




What is Social Engineering? The Art of Human Hacking


In the context of information security, Social Engineering can be described as psychological manipulation through which someone takes control of a person's mind in order to get confidential information. Stated simply, "The art of human hacking is called Social Engineering".


Social Engineering happens in a number of steps. The hacker first investigates the victim. He then collects the information needed to proceed with the attack, such as strong entry points and protocols with weak security. After that the hacker tries to gain the victim's trust. Gradually he uses certain techniques to obtain sensitive information or to get access to secure sources.


Social Engineering is very dangerous. The reason is that it depends on human mistakes rather than on vulnerabilities in computer systems or software. Hackers are stalkers. They keep an eye on you and wait for the perfect moment when you make a small mistake. As soon as the hacker finds it, he executes his job. This makes it very difficult to find out what mistake was actually made.


It is also said that:
Success Rate of a Female Hacker in Social Engineering is More than that of a Male Hacker



Type of Social Engineering or Social Engineering Techniques

There are various techniques through which Social Engineering attacks can be carried out. They can be performed anywhere, especially at places where there is more human interaction. Below are the most common techniques used to perform Social Engineering attacks.



• Social Engineering - Baiting

As the name Baiting itself suggests, the hacker uses a false promise to gain the user's trust. They generate curiosity or greed in the victim, and after that they somehow manage to steal sensitive information or infect the victim's system with malware.


A modified form of baiting is to spread malware through physical media.


For example, the hacker leaves behind a flash drive infected with malware and uses it as bait for the victim. They generally leave flash drives in places (elevators, parking lots, bathrooms) where the victim will definitely see them.


The bait is also given an authentic look so that the victim does not become suspicious. For example, the flash drive will carry the mark of the company in which the victim works.


The victim falls into the hacker's trap and carries the bait away with him. He becomes curious about it and generally inserts it into his office or home computer, which results in automatic installation of malware on the system.


Baiting does not always happen in physical form. There are a lot of websites that advertise various deals and offers and encourage users to log in by filling in a form. However, as soon as you open them your system gets infected with malware.


There are also websites that offer free software which in reality is infected with malware.


• Social Engineering - Scareware

Scareware involves threatening the victim with false information and serious threats. In most cases the victims are made to think that their system has been infected with some kind of malware.


Hackers generally send prompts to install software that will supposedly cure the PC. However, that software is of no use; rather, it is a gateway for the hacker, or it may be malware itself.


A common example of Scareware is the popup banners that appear on your screen while surfing the internet. These banners are very attractive to users, as they state "Your computer has been infected with Malware. Click Here to Scan".


The popup will either offer to install tools or software programs on your computer that are infected with malware, or redirect you to other harmful sites so that your computer gets infected.


Scareware is also sent through spam emails that contain serious threats and warnings, or that offer deals which are harmful and of no use.



• Social Engineering - Pretexting

In Pretexting, a hacker gains information through cleverness and lies. The hacker pretends to be an authentic person (bank agent, police, etc.) who needs sensitive information from the victim to carry out a critical task.


The hacker first gains the victim's trust by acting as a co-worker, police officer, bank agent, or any other person who has right-to-know authority. He asks questions that are supposedly needed to confirm the victim's identity, and in this way gathers private information.


All sorts of credential information are stolen in this type of scam. The information includes security numbers, addresses, phone records, information about staff (i.e. their non-working days), bank details, etc.


• Social Engineering - Phishing

Phishing is one of the most popular types of Social Engineering attack. The hacker uses scam emails, text messages, money offers or any similar activity that creates either curiosity or fear in the victim.


After that the hacker pushes them to reveal sensitive information, to click on links that redirect them to malicious websites, or to open email attachments that contain malware.


For example: an email is sent to the victim. The email seems authentic; it usually contains an alert, such as some type of policy violation, and asks the victim to change their password.


It includes a link that appears to point to an authentic website, but after clicking on it the victim is redirected to a dummy website that looks like the original. The website keeps prompting them to update information such as username, password and email, and after submission all the data is sent to the hacker.


• Social Engineering - Spear Phishing

Spear Phishing is a more advanced version of the phishing scam in which the attacker chooses specific individuals or enterprises.


After choosing the target, they gather information about it, such as characteristics, job positions and contacts, so that the victim will take the attacker for an authentic person and the attack will look less suspicious.


Spear phishing requires a lot more effort from the hacker to gather information. It generally takes weeks and months to gain the victim's private information.


These types of scams are much harder to detect and have better success rates if done skillfully.


A spear phishing scenario might involve a hacker who pretends to be an organization's IT consultant. He then sends an email to one or more employees. Its wording and signature exactly match those of the real consultant, which makes the recipients think that the mail is authentic.


The message prompts recipients to change their password and gives them a link that redirects them to a malicious page where they submit their credentials. In this way the hacker gets the information he needs.




How to Prevent Yourself from Social Engineering Attacks

Social engineers manipulate human emotions such as fear and curiosity, or create schemes and offers to trap people. Therefore, one must stay alert and not be greedy enough to open spam mails or hyperlinks that offer attractive schemes.


Those links are created in such a way that people can't stop themselves from clicking them. Remember that Social Engineering succeeds mainly because of mistakes made by humans.


Moreover, the following tips can help you protect yourself from such attacks.


• Don't Open E-mails and Attachments from Suspicious Sources – If you don't know the sender of a mail, you must not open it. Even if you know the sender but are suspicious about the mail, first check the content of the email on Google. Keep in mind that email addresses are spoofed almost every time.


So even if a mail comes from a trusted source, there is a chance that it was initiated by a hacker. They always send mails that the user finds trustworthy, so that users can't stop themselves from clicking on a suspicious link or giving away important information for certain deals and offers.


• Use Multi-Factor Authentication – One of the most important pieces of information a hacker tries to get is the login details for important resources. So as an active user you should first cross-check every site or software before entering any valuable details. You must also use 2-factor authentication.


• Be Aware of Tempting Offers – If certain deals and offers look too exciting, think again and again before accepting them. Google the offer first and gather information about it from various sources. Unless and until you find a satisfying result on Google, you must not accept it. These are mainly traps created by hackers. We normal people become greedy over such deals.


• Keep Your Antivirus/Antimalware Software Updated – You must keep your software updated. Make it a habit to check for updates daily. You must also scan your system periodically, every 3 to 4 days. Also check whether the updates have actually been applied.


One Last thing to Remember about Social Engineering

Social Engineering itself is a very broad topic. An entire book could be written on it. However, I have tried to explain it in short so that you get a better understanding.


In this article I have written everything from the point of view of a hacker, as in: the hacker will do these things step by step. However, Social Engineering is not always done by a hacker. It may be done by an individual living around you who needs your personal information, maybe for extorting money. It can be anyone. A better term for them would be attacker. It happens not only online but also offline. So I hope you now have a clear idea about Social Engineering.



Conclusion

In this article we learnt what Social Engineering is, along with its types and prevention. I hope you have understood it completely. It has always been my endeavor to provide full information in my articles so that my readers don't have to search the internet for anything further.


This will also save their time, and they will get all the information in one place. If you have any query about this article or want some modification in it, tell us by commenting below.

I hope you liked my article on Social Engineering, its types and prevention. If you did, share it with your friends, relatives and those who are interested in hacking. Also share it on social media like Facebook, Twitter, Instagram, etc. so that it benefits all. Keep visiting, and thanks for reading.
