Social engineering is a way to get someone to do something they wouldn’t do normally, like giving their phone numbers or confidential information by gaining their trust and making a false relationship with them.
Basically, It is the art of studying and manipulating human emotions and the way of thinking, it can be friendly or it can be malicious.
There are many who use social engineering differently,
- Hackers -> Hackers with good social engineering skills are often hard to tackle and they are the most dangerous ones. They primarily use their SE skills to do attacks like phishing. Hackers use their skills to perform Major and minor attacks throughout the globe.
- Penetration tester -> Pentesters maybe have skills like a professional black hat hacker but they never use their skills to harm companies or individuals. Pentester use their SE skills to make the company more secure against these type of attacks.
- Salesman -> Salesman also uses social engineering. In order to sell their product, they will try to convince you in every possible way.
- Government -> They did not often look like social engineers, the government utilizes their social engineering to control the message that they have delivered. this does not have a negative impact always sometimes the message conveyed are for good reasons.
And their are lots and lots of people who uses social engineering either for good or evil like.
Every SEAs needs to involve human emotions without human emotions social engineering don’t work
Let’s see what kind of emotion have a great impact on SE.
- Greed -> “Do this one thing and I will give you this” greed makes people do things that they don’t want to.
- Empathy -> Impersonating someone you know and appeal for help.
- Curiosity -> Curiosity is good but sometimes it can take you to the worst situations.
- Vanity -> “isn’t it a great article of yours? can do a work for me” and there you get yourself into social engineering.
What could go wrong?
what could go wrong if someone does a SEAs on you?
Well, you could end up giving your passwords, credit card details, private information such as the mobile number and there are lots of things that can be targeted by hackers.
If you work in an organization, a hacker can perform a social engineer on you to install malwares on the organization’s network. You will end up giving compromising your own company with your hand.
You can end up getting blackmailed by hackers if you give them some personal information.
How to defend against social engineering?
The best way of defending against SEAs is to carry out awareness training and simulated attack scenarios.
Studying the real-world attack scenarios.
See, you can’t be fully secured against SE attacks because in this attack words are playing a major part.
There are always some words that will trigger your emotions and you will end up falling into the trick.
You can only protect yourself with awareness and don’t give too much information to anyone.
If you want to learn about how to do social engineering or learn more things about it, there are lots of books and website to learn out there
- Social Engineering – The Art Of Human Hacking -> Book by Christopher J. Hadnagy
- The art of deception -> book by Kevin Mitnick
- social-engineer.org -> website