White Hat Institute

Social engineering and possible attack vectors

Social engineering is the art of manipulating people so that they give up confidential information. The types of information these criminals seek can vary. However, when individuals are targeted, the criminals are generally trying to trick you into giving them your passwords or bank information, or into giving them access to your PC so they can covertly install malicious software.

Criminals use social engineering tactics because it is simpler to exploit your natural tendency to trust than to find ways to hack your software. For instance, it is much easier to trick somebody into giving you their password than it is to try cracking that password (unless the password is extremely weak). It is critical to understand when and when not to trust a person, and whether the person you are communicating with is who they say they are.

Ask any security expert, and they will tell you that the weakest link in the security chain is the human who accepts a person or situation at face value. It doesn't matter how many locks and deadbolts are on your doors and windows, or whether you have alarm systems, floodlights, fences topped with spiked metal, and armed security personnel; if you trust the person at the door who says he is the pizza guy and you let him in without first verifying whether he is legitimate, you are completely exposed to whatever risk he represents.

When exploiting human trust and curiosity, social engineering messages might:

1. Contain a link that you are urged to check out. Because the link appears to come from a friend and you are curious, you trust it, click it, and get infected with malware, so the attacker can take control of your machine, collect your contacts' information, and deceive them just as you were deceived.

2. Contain a downloadable picture, music file, movie, archive, etc., that has malicious software embedded. If you download it, which you are likely to do since you think it is from your friend, you will be infected. The attacker will then have access to your machine, email account, personal records, and contacts. The same attack method can then be used against everybody on your contact list.

There are many variations of social engineering attacks, and an attacker may combine multiple forms of exploitation in a single attempt. In this tutorial section, we will discuss some social engineering techniques and the ways human trust is exploited to gain full control over the victim's computer.