What is Social Engineering: How it Works & Examples of Methods Used

in hive-187593 •  2 years ago 

Hello everyone!!!

How are you all in this community, I hope you are all healthy always and keep the spirit of living this difficult life. Meet me again today and on this occasion I again want to share educational lessons with all of you, I hope you believe and will help us for a better life.

What is social engineering?

Social engineering is one of the cyber attacks carried out by exploiting human error. You have to be careful with this attack so that your personal information can stay protected.

fraud-7065116_1280.png

Source

Some time ago, Instagram social media was enlivened with a new trend called “Add Yours”. This feature allows Instagram users to respond to other users' Instagram Stories on a topic but with their own version. For example, an Instagram user uploads OOTD (Outfit of the Day) content and then attaches the “Add Yours” sticker to his Insta Story. In this way, followers of these users can participate in commenting by uploading their own version of OOTD content.

I think this feature is actually very interactive, but unfortunately there are many irresponsible people who actually use this feature to carry out social engineering actions. They create “Add Yours” content by asking people to submit something personal, such as an ID number, signature, nickname, and so on. The data is then collected to carry out other fraudulent acts.

The world's criminals are always looking for ways to get personal data. Therefore, when browsing in cyberspace, you must remain alert to various social engineering attacks. So that all of you can better understand what social engineering is, here I will provide more information for all of you.


What is Social Engineering?


Social engineering is a manipulation technique that exploits human error to gain personal information, such as access to an account, or valuables. Criminals in the world understand that humans are the weakest link in the security system. Therefore, they try to do social engineering techniques so that users are willing to provide sensitive data.

In cyberspace, these “human hacking” scams tend to successfully expose data, spread malware infections, or steal access to unsuspecting users. This can happen because criminals exploit the user's lack of knowledge about cyber security. In general, criminals carry out social engineering attacks because they are based on several goals, namely:

  • Sabotage: Criminals who want to disrupt, damage, or exploit the data obtained for actions that cause harm to the target victim.

  • Theft: Criminals who want to get valuable things like personal information, access, or money.


How is Social Engineering Done?


phishing-3390518_1280.jpg

Source

When performing social engineering techniques, criminals will generally manipulate by communicating with the target victim. This is done because criminals believe that the success of social engineering techniques depends on the target's trust in them.

Broadly speaking, here are some of the steps that criminals take when doing social engineering:

  • Preparation

Criminals will make preparations by collecting various information about the background of the victim. For example, such as the place of work, the group or organization that is followed, the name of the bank company used, and so on.

  • Infiltration

With the background info that has been obtained, the criminal will approach the victim. Usually they will disguise themselves as someone from a reliable source. Examples such as from the company where they work, banks, or others.

  • Exploitation

Once the target victim trusts the undercover criminal, the criminal will then start exploiting the victim. They will ask for sensitive information such as account credentials, ID card numbers, account numbers, and others. Apart from that, cybercriminals also often encourage victims to open malicious links.

  • Disengagement

Once the criminals manage to obtain sensitive information, they will then disappear and stop communicating with the target victim. They will then use the data that has been obtained to carry out actions that are detrimental to the victim.


Social Engineering Attack Method


After you know what social engineering is and how it works, here I will discuss several types of social engineering methods:

  • Phishing

Phishing is a social engineering attack in which criminals will pretend to be a trusted person or company to trick the target victim. This is done to get victims to share sensitive information, open malicious links, or send them money. This attack is usually carried out via email, SMS, or by telephone. You need to know, phishing is the most common method when criminals carry out social engineering attacks.

  • Baiting

As the name implies, baiting attacks are carried out by providing bait. Baiting is an attack that takes advantage of the target victim's curiosity. Criminals will usually use bait with valuable items or free services. For example, by persuading the victim to open a malicious link that looks like a free download of music, movies, or software. When the target victim is persuaded to do so, then criminals can spread malware on the victim's device.

Besides being done through the internet, baiting techniques can also be done offline. Criminals usually do this by leaving a flash disk that has been infected with malware in public places such as public toilets, elevators, parking lots or others. When the victim takes the bait and inserts it into the office or home computer, the malware will be automatically installed on the system.

  • Quid Pro Quo

Quid Pro Quo is a social engineering attack that promises to be profitable for an exchange of information. Criminals can pretend to work for a professional agency and ask victims to provide sensitive data. In return, criminals will provide giveaways or prizes to the target victim. But in reality, the main goal of criminals is simply to obtain sensitive data without and will not give anything in return to the victim.


Conclusion


gdpr-3178218_1280.jpg

Source

If you are the owner of a company, then you need to make sure that all of your employees can safeguard sensitive company data. In addition, the company system that you use must also have a strong security system. To help ensure that your company already has good cyber security.

Hopefully the information above can help you in understanding what social engineering is. From the explanation that I have conveyed, it can be seen that currently cybercriminals can do various things to get sensitive data. As internet users, of course, we must continue to increase cyber security awareness and not easily share personal data with people we do not know.

My regards to:
@juzkid
@nattybongo

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Great education bro, you have truly enlighten us on social engineering, i feel like a pro in this subject already, thanks for that

Screenshot_20210716-110835_2.jpg
Your post has been curated by @nattybongo with @steem-ghana Community Curation Trail

JOIN US ON TELEGRAM

JOIN US ON DISCORD CHAT

Support us by delegating STEEM POWER to our Community account through the following links:

Great text, mrquenn