Understanding Human-Based Social Engineering


In my previous article, I talked about social engineering and some of the reasons why you need to keep your personal data and identity secure. In this article, I want to discuss some of the facts that you need to know about human-based social engineering. Follow along as we look at this together.

 

Social engineering is the art of convincing people to reveal confidential information. It is a trick used to gain sensitive information by exploiting basic human nature. The aim is to gather sensitive information such as credit card details, social security numbers, passwords and other personal information.

 

Some examples…

“Hi, we are from CONESCO Software. We are hiring a new software development team. We got your contact from a popular job portal. Please provide details of your job profile, current project information, social security number and your residential address.”

 

Another one…

“Hi, I am Mike calling from CITI Bank. Due to threat perception, we are updating our core systems with new security features. Can you provide your personal details to verify that you are Stella?”

And another one…

“Hi. I am John Brown. I am with the external auditor Mr Sandrex. We have been told by Corporate to do a surprise inspection of your disaster recovery procedures. You have 10 minutes to show me how you would recover from a website crash.”

 

There are two types of social engineering:

  • Human-based social engineering
  • Computer-based social engineering

 

Human-Based Social Engineering

#1 Eavesdropping

Eavesdropping is unauthorised listening to conversations or reading of messages. It is the interception of any form of communication, such as audio, video, or written conversations.

 

#2 Shoulder Surfing 

Shoulder surfing is a technique in which the attacker looks over the user’s shoulder to gain critical information such as passwords, personal identification numbers, account numbers, credit card information, etc.

 

An attacker may also watch the user from a distance using binoculars in order to get the information.

 

#3 Dumpster Diving

Dumpster diving includes searching for sensitive information in the target company’s trash bins, printer trash bins, and on users’ desks for sticky notes, among others.

 

It involves the collection of phone bills, contact information, financial information, and operations-related information, among others.

 

Computer-Based Social Engineering

Here are some of the instances of computer-based social engineering…

#1 Pop Up Windows 

Windows that suddenly pop up while the user is surfing the internet and ask for the user’s information to log in or sign in.

 

#2 Hoax letters

Hoax letters are emails that issue warnings to users about new viruses, Trojans, or worms that may harm users’ systems.

 

#3 Chain letters 

Chain letters are emails that offer free gifts such as money and software on the condition that the user forwards the mail to a specified number of persons.

 

#4 Instant Messaging

Gathering personal information by chatting with a selected online user to get information such as birth names and maiden names.

 

#5 Spam Email

Irrelevant, unwanted and unsolicited email sent to collect financial information, social security numbers and network information.

 

#6 Phishing

Phishing is an illegitimate email, falsely claiming to be from a legitimate site, that attempts to acquire the user’s personal or account information.

 

Phishing emails or pop-ups redirect users to fake websites that mimic trustworthy sites and ask them to submit their personal information.

 

#7 Phony Security Alerts

Phony security alerts are emails or pop-up windows that seem to be from reputable hardware or software manufacturers such as Microsoft and Dell, among others.

 

They warn the user that the system is infected and provide an attachment or a link that supposedly patches the system. Scammers suggest that the user download and install those patches. The trap is that the file contains malicious programs that may infect the user’s system.

 

#8 Social Networking sites

Computer-based social engineering is carried out through social networking sites such as Orkut, Facebook, Myspace, LinkedIn and Twitter, among others. Attackers use social networking sites to exploit a user’s personal information.

 

 

 

Action Point

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.


About Adeniyi Salau 889 Articles