Understanding Human-Based Social Engineering
In my previous article, I talked about social engineering and some of the reasons why you need to keep your personal data and identity secure. In this article, I want to discuss some of the facts you need to know about human-based social engineering. Follow along as we look at this together.
Social engineering is the art of convincing people to reveal confidential information. It is a trick used to gain sensitive information by exploiting basic human nature. The aim is to gather sensitive information such as credit card details, social security numbers, passwords and other personal information.
“Hi, we are from CONESCO Software. We are hiring new software development team. We got your contact from a popular job portal. Please provide details of your job profile, current project information, social security number and your residential address.”
“Hi, I am Mike calling from CITI Bank. Due to threat perception, we are updating our core systems with new security features. Can you provide your personal details to verify that you are Stella?”
And another one…
“Hi. I am John Brown. I am with the external auditor Mr Sandrex. We have been told by Corporate to do a surprise inspection of your disaster recovery procedures. You have 10 minutes to show me how you would recover from a website crash.”
There are two types of social engineering:
- Human-based social engineering
- Computer-based social engineering
Human-Based Social Engineering
#1 Eavesdropping
Eavesdropping is unauthorised listening to conversations or reading of messages. It is the interception of any form of communication, such as audio, video, or written conversations.
#2 Shoulder Surfing
Shoulder surfing is the procedure where the attacker looks over the user’s shoulder to gain critical information such as passwords, personal identification numbers, account numbers, credit card information, etc.
An attacker may also watch the user from a distance using binoculars in order to get the information.
#3 Dumpster Diving
Dumpster diving includes searching for sensitive information in the target company’s trash bins, printer trash bins, and on users’ desks for sticky notes, among others.
It involves the collection of phone bills, contact information, financial information, and operations-related information, among others.
Computer-Based Social Engineering
Here are some of the instances of computer-based social engineering…
#1 Pop Up Windows
These are windows that suddenly pop up while the user is surfing the internet and ask for the user’s information to log in or sign in.
#2 Hoax letters
Hoax letters are emails that issue warnings to users about new viruses, Trojans, or worms that may harm the user’s system.
#3 Chain letters
Chain letters are emails that offer free gifts such as money and software on the condition that the user forwards the mail to a stated number of people.
#4 Instant Messaging
This is the gathering of personal information by chatting with a selected online user to get information such as birth names and maiden names.
#5 Spam Email
Spam is irrelevant, unwanted and unsolicited email sent to collect financial information, social security numbers and network information.
#6 Phishing
Phishing is an illegitimate email falsely claiming to be from a legitimate site that attempts to acquire the user’s personal or account information.
Phishing emails or pop-ups redirect users to fake websites that mimic trustworthy sites and ask them to submit their personal information.
#7 Phony Security Alerts
Phony security alerts are emails or pop-up windows that seem to be from reputable hardware or software manufacturers like Microsoft and Dell, among others.
They warn the user that the system is infected and provide an attachment or a link to patch the system. Scammers suggest that the user download and install those patches. The trap is that the file contains malicious programs that may infect the user’s system.
#8 Social Networking sites
Computer-based social engineering is also carried out through social networking sites such as Orkut, Facebook, Myspace, LinkedIn and Twitter, among others. Attackers use social networking sites to exploit a user’s personal information.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.