Why should we assume that breaches are difficult and can only be carried out by experts in penetration testing or information security? One concept sums all of this up: social engineering.
Why don't we focus on the easiest point in the chain of information security, which is humans? And why are humans the easiest?
The answer is simply that there are no security patches for the human mind, while every day hundreds of patches are released for programs on computers, cell phones and other devices.
Imagine that you wanted to hack someone's device, and let's say you were able to get the password, but it is encrypted! Of course, you can try to crack it using modern password-cracking hardware, but if the password is strong this may take you hundreds of years, even with huge, powerful machines.
But let's turn to the weakest link in the chain, the human, and study this person or apply social engineering to them: it is quite possible to reach the password within a few hours, if not a few minutes!
Many people use very easy passwords so they can memorize them, and also use the same password for all their accounts. If the hacker gets into one of the accounts, he can surely get into all of them. Some people use their mobile phone numbers, or the names of their children or relatives.
And even if this person chose a password wisely, he may have left a weakness in his account recovery questions, such as the first school he attended or his favorite meal, and it takes only one question put to this person to extract the answer.
What is social engineering?
Social engineering can be defined as follows: it is the art of "hacking" people in order to manipulate them and extract information from them by indirect means, for a goal that may be material or intangible.
Who is a social engineer?
He is a person with a deep background in many fields, the most important of which are the technical fields. He is able to penetrate people through several methods, the most important of which is fabricating stories and convincing victims of his good intentions in order to carry out his attacks and reach his goals.
One of the most important of these methods is the phone call: the social engineer can convince people that he wants to help them, or ask them for help, and they fall into his trap.
Social engineers also have other methods, such as using emails to persuade employees to open malicious links or files with the aim of harming the institution. This is one of the well-known methods that they use constantly.
Who are the targets of social engineering and why are we victims of such attacks?
Anyone can be a victim of such attacks. All of us actually hold important data. This data may be valuable to the hacker, such as pictures for extortion or information about the institution where the victim works. Every piece of information is valuable, even if it seems simple.
That is one side of it. The other side is what makes us victims of such attacks, and these are some of the reasons:
1- As human beings, we are cooperative and love to help others, and social engineers are skilled at getting people to help them. Most of the time this help is sensitive information that the social engineer collects in order to build a full picture of the target he wants to penetrate.
2- People's ignorance of social engineering attacks makes them more vulnerable to these attacks, and there are no courses for them that serve as immunization against these exceptional and dangerous attacks. These attacks are also made possible by how easy it is to reach people: an attacker can meet people at their workplaces, places of study and elsewhere, start following them, build a friendship at first, and then socially engineer the person in order to access important information.
3- Weak policies in institutions and companies: they do not provide the training employees need to prevent these attacks, and they do not classify their information, restrict it to specific places and define which employees may have it. Not all information is important for all employees, and each group should deal only with the information that concerns it, so that an attacker who obtains part of the information cannot form a general picture of everything.
Conclusion
In this article, I tried to summarize the concept of social engineering in general, who the targets are, and why we are victims of these attacks. In the next article, God willing, I will talk about the technologies that social engineers use to carry out their attacks, and we will detail each attack with examples, if any. You can now see some of the tools and tricks they use