According to Wikipedia:
“Social engineering” as an act of psychological manipulation had previously been associated with the social sciences, but its usage has caught on among computer professionals.
The power of this attack is hard to appreciate until you have been involved in one, either as a victim or as an attacker. Most newcomers who want to become hackers neither understand this attack nor think it is effective. Later, they realize that they ignored the most powerful attack.
Read the examples of social engineering attacks below and try to understand how they are carried out.
False Bank Support: Suppose you get a call from the bank saying their server has been hacked and they need your password to recover your account information. The attacker adds that they need it because they cannot use your personal account details without your security details.
False Vendors: You may find various websites where premium software is sold at heavily discounted prices. Some of these websites are scams built by hackers. When you try to pay on these websites, they store your password and then use your card details to steal money from your account. This is a kind of phishing that uses social engineering to push users into giving up credit card details.
Phishing Emails: Sometimes you also get scam emails that pretend to be genuine but are sent to take you to fake pages that ask for your password.
Most common example of social engineering in India
As you may remember, many people in India receive fake calls from someone claiming to be a bank employee. These calls inform you that your card is expiring and ask you to hand over a few important details to unblock it. Some of these callers already know your name and transaction details. They ask for your card number and the OTP you receive. Once you hand over the information they ask for, you will see a large amount of money deducted from your account. This is also an example of a social engineering attack.
Why hackers use social engineering attacks
Understanding this is very simple. If you cannot open a locked door, you need to trick someone else into opening it for you. If you are not sure you can break the lock but try anyway, there is a chance of being caught. So the attacker uses a social engineering attack instead. This attack takes some time to prepare. The attacker needs to understand the system well and then find its weak link (the person who can open the door). The attacker then gathers information about that person and learns how to get information out of them.
These are the main steps that need to be performed on the weak link:
- Perform research to know more about the person
- Build trust by using the gained information
- Exploit relationships for information through words, actions, or technology
- Use the information gathered for malicious purposes
Security professionals think that as our world becomes more dependent on technology, social engineering remains among the greatest threats to information security.
Organizations must educate their employees about this attack and put structured data privacy in place. They must also establish security protocols for the people who handle sensitive information.