Saturday, 18 May 2013

Social Engineering is the art of manipulating people into performing actions or divulging confidential information.

This type of attack is non-technical and relies heavily on human interaction.

Hackers use social engineering attacks to obtain information that will allow them to gain unauthorized access to a valued system and the information that resides on that system.

The purpose of social engineering is usually to secretly install spyware or other malicious software, or to trick a person into handing over passwords and/or other sensitive financial or personal information.

What are they looking for?

1:- Obtaining simple information such as your pet's name, where you are from, the places you have visited; information that you would give out freely to your friends.
2:- Take a close look at some of the 'secure' sites you log into. Some have 'secret questions' you have to answer if you cannot remember your user name or password. The questions seem pretty tough for an outsider looking in, trying to hack into your account.


1:- Pretexting:- Creating a fake scenario

2:- Phishing:- Fraudulently obtaining private information

3:- Quid pro quo:- Something for something

4:- Baiting:- Real world trojan horse

5:- Diversion theft:- A con


Pretexting

Creating a fake scenario

Prior Research/Setup used to establish legitimacy
Give information that a user would normally not divulge

This technique is used to impersonate
Authority etc.
Using prepared answers to victim's questions
Other gathered information

Ex: Law Enforcement
Threat of alleged infraction to detain suspect and hold for questioning


Phishing

Fraudulently obtaining private information

Send an email that looks like it came from a legitimate business

Request verification of information and warn of some consequence if not provided

Usually contains link to a fraudulent web page that looks legitimate

User gives information to the social engineer
Ex: eBay scam

Spear Phishing
Specific phishing
Ex: email that makes claims using your name

Phone phishing
Rogue interactive voice system
Ex: call bank to verify information

Quid pro quo

Something for something

Call random numbers at a company, claiming to be from technical support.

Eventually, you will reach someone with a legitimate problem

Grateful you called them back, they will follow your instructions

The attacker will "help" the user, but will really have the victim type commands that will allow the attacker to install malware


Baiting

Real world trojan horse

Uses physical media

Relies on greed/curiosity of victim

Attacker leaves a malware-infected CD or USB drive in a location sure to be found

Attacker puts a legitimate or curious label on it to gain interest

Ex: "Company Earnings 2009" left at company elevator
Curious employee/Good samaritan uses
User inserts media and unknowingly installs malware

Diversion theft

A con

Persuade delivery person that delivery is requested elsewhere - "Round the Corner"

When delivery is redirected, attacker persuades delivery driver to unload delivery near address

Ex: Attacker parks security van outside a bank. Victims going to deposit money into a night safe are told that the night safe is out of order. Victims then give money to attacker to put in the fake security van

Most companies do not prepare employees for this type of attack

Weakest link

No matter how strong your:
Intrusion Detection Systems
Anti-virus software 

You are the weakest link in computer security!
People are more vulnerable than computers
"The weakest link in the security chain is the human element" -Kevin Mitnick 

Ways to prevent and protect

3rd Party test - Ethical Hacker
Have a third party come to your company and attempt to hack into your network
3rd party will attempt to glean information from employees using social engineering
Helps detect problems people have with security

Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information

Do not provide personal information or information about the company (such as the internal network) unless the authority of the person is verified

Before transmitting personal information over the internet, check that the connection is secure and that the URL is correct

If unsure if an email message is legitimate, contact the person or company by another means to verify

Be paranoid and aware when interacting with anything that needs to be protected
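
The signs of a phishing message described in this post (a request to verify information, a warning of some consequence, a link that does not go where it appears to go, an insecure connection) can be checked mechanically. The following Python sketch is an added example, not part of the original post; the sample email, the domain `example-shop.com` and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real email.
SAMPLE_HTML = """<p>Dear customer, please verify your account information within 24 hours
or your account will be suspended.</p>
<p><a href="http://203.0.113.7/signin">https://www.example-shop.com/signin</a></p>
<p><a href="https://www.example-shop.com/help">Help centre</a></p>"""

# Wording that asks for verification or warns of a consequence.
PRESSURE = re.compile(r"verify your|will be (suspended|closed)|within \d+ hours", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(html, trusted_domain):
    """Return a list of warning strings for one HTML email body."""
    findings = []
    if PRESSURE.search(html):
        findings.append("pressure wording: asks for verification or threatens a consequence")
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if url.scheme != "https":
            findings.append(f"not https: {href}")
        if re.fullmatch(r"[\d.]+", host):
            findings.append(f"IP address instead of a domain name: {host}")
        elif host != trusted_domain and not host.endswith("." + trusted_domain):
            findings.append(f"host {host} is not {trusted_domain}")
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown.lower() != host:
            findings.append(f"link text shows {shown} but goes to {host}")
    return findings
```

A clean result from a check like this does not make a message legitimate; contacting the sender by another means remains the deciding step.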

KEVIN MITNICK (Famous Social Engineer Hacker)

Went to prison for hacking
Became ethical hacker

"People are generally helpful, especially to someone who is nice, knowledgeable or insistent."

Kevin Mitnick - Art of Deception

"People inherently want to be helpful and therefore are easily duped"

"They assume a level of trust in order to avoid conflict"

"It's all about gaining access to information that people think is innocuous when it isn't"

Hear a nice voice on the phone, we want to be helpful

Social engineering cannot be blocked by technology alone

A quote from KEVIN MITNICK

"You could spend a fortune purchasing technology and services from every exhibitor, speaker and sponsor at the RSA Conference, and your network infrastructure could still remain vulnerable to old-fashioned manipulation."


Thank you for reading my post. Please comment and share.




Ankush Mohanty is a Security Researcher and Analyst, with experience in various aspects of Information Security. Other than this, he is a Certified Ethical Hacker. All his efforts are to make the internet more secure.