Social Engineering -Time To Be More Secure Than Before

Social Engineering is a method of hacking which is based on spoofing a person’s identity and getting their details using socializing skills. It is an art of using Psychology things and marketing skills together for influencing the target victim and manipulate them for getting sensitive information. They generally not only get into systems but also disturb your life. But the thing which keeps it different from all the famous ways of attacks is you no need to write a code for achieving it. In the real world, only social engineering is not enough to get your details, but they use it as an intermediate step to get you into their hands. It is just like a bridge between you and attacker if you step on it didn’t forget you will be lost your life as it is an illusion. It happens through a series of steps and had different ways to achieve it. In general, these attacks are gone virtually, so most the victim never knows about the hacker.

Lifecycle of Social Engineering

Keep in mind that never a hacker directly interacts with the victim either virtually or physically. They will go through a series of steps to verify and analyze the present situation of victims knowing along with their past. The steps are like-

  1. Information Gathering: First, a basic investigation happens on the victim for analyzing his present situation based on his past actions. Interest and ambitious goals are taken into consideration. And then they choose their method of interaction with the victim.
  2. Establishing Relationship: In this particular phase, the attacker starts engaging with the user through different interfaces and creating a story around him that makes him hurry and quick and tense that makes him open doors for attackers.
  3. Exploitation: This is where the art of technical Knowledge and human relationship management of an attacker comes into play which makes the victim keep the door open from him till all the work of the attacker done.
  4. Execution: In this particular phase attacker meets all his needs and makes sure that his work is done without any proof and footprints are left behind throughout the attack. They also make sure that the victim will never know about this and so that, they can maintain a relationship with the user, so they can make use of it for future purposes.

Vectors Of Social Engineering

This is the field which always going innovative so everyone can know the methods after a crime comes out only. But all of them come under four-vectors available in social Engineering.

  1. Impersonating: This is the clever way of an attacker’s choice, in this method they impersonate Organizations, Police, banks, and tax officials. And loot money or what they want from the victim. And the same thing happens with the organizations to get information about the victim legally in a different way. Generally, the attacker approaches the organization showing some relation with the victim as wife, husband, children in such a way and use their skills to get information by impersonating them.
  2. Phishing: Phishing is something which is like spoofing the famous websites and creating some new other which gets and trapped victim for his greedy and trust. Large attacks of this happen through Social media such as Instagram, Facebook, Twitter. They approach the victim and provide weblinks to increase their followers or likes and retweets for their posts and use their greedy and broke their trust. Don’t get into this chain and lost your freedom to express your rights.
  3. Vishing: Technically speaking this is known as “voice phishing”. In this method of phishing, attackers use their voice and speaking skills to create a mood in the victim’s side and convince them to provide information for them. Generally, this happens most with the organization for getting their financial and customer details.
  4. Smishing: Smishing is a method in which attacks generally happen through messages. In this method, the Attacker approaches the victim through messages and uses their anxiety and interest and greediness in him at particular topics, which are provided with links and furthermore continued through the phishing process to get sensitive information of the target. This generally happens with the customers of an organization to get their details.

Six Key Principles Of Social Engineering 

The term generally depends on influencing society or a social person to get to be fooled in the hands of an attacker. So they had six key principles to follow for influencing a person which are established by Robert Cialdini. This generally related to marketing in reality but this is how socializing something works. Principles are like 

  1. Reciprocity: This is a term that indicates mutual benefit for each other. Generally, this is what happens in the marketing field.
  2. Commitment & Consistency: The term Commitment shows your desire at some particular work that how much you are dedicated to it. In the same way, Consistency shows your mood shifts and your interest in it.
  3. Social Proof: This is where generally people start doing things or actions where that other peoples do. It is like getting people influenced by people.
  4. Authority: People in that position generally do obey the orders of Authority Figures, even though they know that it is objectionable.
  5. Liking: This is a strategy based on the fact, Generally, people believe and sell and buy products if they liked the person very well and that’s what generally happening nowadays through public figures.
  6. Scarcity: This is what increases the demand for something when it is truly necessary for daily life for some special purposes.For example like Big Billionaire days on Flipkart and some other companies to increase their demand among society.

Prevention Measures

The way they approach will be different every time. All you need to do is being aware of the things happening around you and keep yourself safe from it. Many famous personality accounts such as Obama, Elon Musk are also been hacked in the process of damaging Twitter’s Security. So don’t be careless about this issue. Five tips to get rid of this attack. 

  1. Never share information about you on unknown calls and messages. As we don’t the person on the other side and can’t complain about him without knowing, is a big task to get your information back from him is so hard.
  2. Don’t tempt the free gains. Generally, we are greedy as humans but don’t make that greediness in you to lose your social life. So don’t tempt for free things and things can be any and many like simple things such as likes and followers to typical things like money and information.
  3. Downloading Applications from unknown sources should be avoided. Generally, these things happen based on scary to improve your system software and security in usage, Or greedy to get paid things for free such as prime, PUBG loots, and unlock other things. So don’t get into it for short term happiness which may lead to lifelong sadness.
  4. Use Multi-Factor authentication for being more secure. This makes your account more secure because if you got affected for a phishing attack than the attacker can get your details and still he can’t access your account as it is a multi authentication. So in most situations your account will be secure with one more layer of security.
  5. Make sure that your system is updated all the time. Don’t be lazy to get your system update frequently because the update says that, they improved their performance along with closing their vulnerabilities which are generally exploited by attackers, which keeps you more safe and secure.
My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.


Article Tags :

2


Please write to us at contribute@geeksforgeeks.org to report any issue with the above content.