Saturday 18 May 2013



Social engineering is the art of manipulating people into performing actions or divulging confidential information.

This type of attack is non-technical and relies heavily on human interaction.

Hackers use social engineering attacks to obtain information that will allow them to gain unauthorized access to a valued system and the information that resides on that system.

The purpose of social engineering is usually to secretly install spyware or other malicious software, or to trick a person into handing over passwords and/or other sensitive financial or personal information.

What are they looking for?

1:- Obtaining simple information such as your pet's name, where you are from, the places you have visited; information that you would give out freely to your friends.
2:- Take a close look at some of the 'secure' sites you log into. Some have 'secret questions' you have to answer if you cannot remember your user name or password. The questions seem pretty tough for an outsider looking in and trying to hack into your account.

Tactics:

1:- Pretexting - Creating a fake scenario

2:- Phishing - Fraudulently obtaining private information

3:- Quid pro quo - Something for something

4:- Baiting - Real world trojan horse

5:- Diversion theft - A con

Pretexting

Creating a fake scenario

Prior Research/Setup used to establish legitimacy
Give information that a user would normally not divulge

This technique is used to impersonate
Authority, etc.
Using prepared answers to the victim's questions
Other gathered information

Ex: Law Enforcement
Threat of alleged infraction to detain suspect and hold for questioning

Phishing

Fraudulently obtaining private information

Send an email that looks like it came from a legitimate business

Request verification of information and warn of some consequence if not provided

Usually contains link to a fraudulent web page that looks legitimate

User gives information to the social engineer
Ex: eBay scam

Spear Phishing
Specific phishing
Ex: email that makes claims using your name

Vishing
Phone phishing
Rogue interactive voice system
Ex: call bank to verify information

Quid pro quo

Something for something

Call random numbers at a company, claiming to be from technical support.

Eventually, you will reach someone with a legitimate problem

Grateful you called them back, they will follow your instructions

The attacker will "help" the user, but will really have the victim type commands that will allow the attacker to install malware

Baiting

Real world trojan horse

Uses physical media

Relies on greed/curiosity of victim

Attacker leaves a malware-infected CD or USB drive in a location sure to be found

Attacker puts a legitimate or curious label on it to gain interest

Ex: "Company Earnings 2009" left at company elevator
Curious employee/Good Samaritan uses it
User inserts media and unknowingly installs malware

Diversion theft

A con

Persuade the delivery person that the delivery is requested elsewhere - "Round the Corner"

When the delivery is redirected, the attacker persuades the delivery driver to unload the delivery near the address

Ex: Attacker parks a security van outside a bank. Victims going to deposit money into a night safe are told that the night safe is out of order. Victims then give money to the attacker to put in the fake security van.

Most companies do not prepare employees for this type of attack

Weakest link

No matter how strong your:
Firewalls
Intrusion Detection Systems
Cryptography
Anti-virus software 

You are the weakest link in computer security!
People are more vulnerable than computers
"The weakest link in the security chain is the human element" -Kevin Mitnick 

Ways to prevent and protect

3rd Party test - Ethical Hacker
Have a third party come to your company and attempt to hack into your network
3rd party will attempt to glean information from employees using social engineering
Helps detect problems people have with security

Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information

Do not provide personal information or information about the company (such as its internal network) unless the authority of the person is verified

Before transmitting personal information over the internet, check that the connection is secure and that the URL is correct


If unsure if an email message is legitimate, contact the person or company by another means to verify

Be paranoid and aware when interacting with anything that needs to be protected
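
The advice above to check that the connection is secure and the URL is correct can be written down as a small check. This is an added example, not part of the original post; the trusted-domain list, the function name check_link and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites this user really does business with (constructed list).
TRUSTED_DOMAINS = {"ebay.com", "example-bank.com"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warning codes for a link; an empty list means it passed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    warnings = []

    # "Check the connection is secure": anything but HTTPS can be read or altered.
    if parts.scheme != "https":
        warnings.append("not-https")

    # https://ebay.com@198.51.100.7/ goes to 198.51.100.7; text before '@' is a decoy.
    if parts.username is not None:
        warnings.append("userinfo-decoy")

    # Punycode or non-ASCII labels can render as look-alike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        warnings.append("lookalike-characters")

    # "Check the URL is correct": the host must BE a trusted domain or a
    # subdomain of one. A trusted name merely appearing inside it does not count.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        warnings.append("untrusted-host")
    return warnings


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.ebay.com/signin",
        "http://www.ebay.com/signin",
        "https://ebay.com@198.51.100.7/login",
        "https://ebay.com.account-verify.example/",
        "https://xn--eby-7cd.com/",
    ]
    for url in samples:
        print(url, "->", check_link(url) or "ok")
```

A link that passes only shows it points where it claims to; if the message itself is unexpected, still verify by another means as described above.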

KEVIN MITNICK (Famous Social Engineer Hacker)

Went to prison for hacking
Became ethical hacker

"People are generally helpful, especially to someone who is nice, knowledgeable or insistent."


Kevin Mitnick - Art of Deception

"People inherently want to be helpful and therefore are easily duped"


"They assume a level of trust in order to avoid conflict"


"It's all about gaining access to information that people think is innocuous when it isn't"

Hear a nice voice on the phone, we want to be helpful

Social engineering cannot be blocked by technology alone

A quote from KEVIN MITNICK

"You could spend a fortune purchasing technology and services from every exhibitor, speaker and sponsor at the RSA Conference, and your network infrastructure could still remain vulnerable to old-fashioned manipulation."




SOCIAL ENGINEERING




Thank you for reading my post. Please comment and share.



Ankush Mohanty is a Security Researcher and Analyst, with experience in various aspects of Information Security. Other than this, he is a Certified Ethical Hacker. All his efforts are to make the internet more secure.


    MyFreeCopyright.com Registered & Protected