Sanchayani

Title: Social Engineering

Blogger: पूजा

Subject: Information Security Awareness





Social engineering is a non-technical method of intrusion used by hackers that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations encounter today.

Social Engineering Attacks:

1) PHISHING
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

2) PRETEXTING
Pretexting is another form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they can use to try to steal their victims’ personal information. These types of attacks commonly take the form of a scammer who pretends to need certain bits of information from the target in order to confirm the target's identity.

3) BAITING
Baiting is in many ways similar to phishing. However, what distinguishes it from other types of social engineering is the promise of an item or good that hackers use to entice victims. Baiters may offer users free music or movie downloads if they surrender their login credentials to a certain site.

4) QUID PRO QUO
Similarly, quid pro quo attacks promise a benefit in exchange for information. This benefit usually assumes the form of a service, whereas baiting frequently takes the form of a good.
One of the most common types of quid pro quo attack involves fraudsters who impersonate IT service people and spam call as many direct numbers belonging to a company as they can find. These attackers offer IT assistance to each and every one of their victims. The fraudsters promise a quick fix in exchange for the employee disabling their AV program and installing malware on their computer that assumes the guise of a software update.

5) DUMPSTER DIVING
Dumpster diving is a popular form of modern salvaging of waste discarded in large commercial, residential, industrial and construction containers. Dumpster diving is the practice of sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the picker.

Prepare and prevent

• Never click on links from untrusted sources or send confidential information to external email IDs.
• Never share any confidential information, such as user credentials, even if the request comes from a legitimate source over the phone or by other means.
• Observe the environment you are working in, and if you notice anything unusual about the physical presence of people or devices lying around, report it to corporate security immediately.
• Never discuss confidential information at community gatherings, with your friends, or on social media.