Social Engineering – The Art of Virtual Exploitation

Social engineering uses human weakness or psychology to gain access to the system, data, and personal information, etc. It is the art of manipulating people. It doesn’t involve the use of technical hacking techniques. Attackers use new social engineering practices because it is usually easier to exploit the victim’s natural inclination to trust.
For example, it is much easier to fool someone to give their password instead of hacking their password. Sharing too much information on social media can enable attackers to get a password or extracts a company’s confidential information using the posts by the employees. This confidential information helped attackers to get the password of victim accounts.

How Social Engineering Attacks takes place?

Phishing scams are the most common types of Social Engineering attacks these days. Tools such as SET(Social Engineering Toolkit) also make it easier to create a phishing page but luckily many companies are now able to detect phishing such as Facebook. But it does not mean that you cannot become a victim of phishing because nowadays attackers are using iframe to manipulate detection techniques. The example of such hidden codes in pishing pages are cross-site-request-forgery “CSRF” which is an attack that forces an end user to execute unwanted actions on a web application.



Example: In 2018 we have seen a great rise in the use of ransomware which have been delivered alongside Phishing Emails. What an attacker does is they usually deliver an attachment with a subject like “Account Information” with the common file extension say .pdf/.docx/.rar etc. At which user generally click and the attacker’s job gets done here. This attack often encrypts the entire Disk or the documents and then to decrypt these files it requires cryptocurrency payment which is said to be “Ransom(money)”. They usually accept Bitcoin/Etherium as the virtual currency because of its non-traceable feature. Here are a few examples of social engineering attacks that are used to be executed via phishing:

  • Banking Links Scams
  • Social Media Link Scams
  • Lottery Mail Scams
  • Job Scams

Prevention

  • Timely monitor online accounts whether they are social media accounts or bank accounts, to ensure that no unauthorized transactions have been made.
  • Check for Email headers in case of any suspecting mail to check its legitimate source.
  • Avoid clicking on links, unknown files, or open email attachments from unknown senders.
  • Beware of links to online forms that require personal information, even if the email appears to come from a source. Phishing websites are same of legitimate websites in looks.
  • Adopt proper security mechanism such as spam filters, anti-virus software, and a firewall, and keep all systems updated, anti-keyloggers.


My Personal Notes arrow_drop_up

I am an Cyber Security Enthusiast who loves to break into Web Applications for finding the security loopholes and reporting them responsibly to the companies Listed into Hall of Fame of Microsoft Corporation for reporting vulnerabilities

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.


Article Tags :

2


Please write to us at contribute@geeksforgeeks.org to report any issue with the above content.