Social Engineering Attacks: The Art of Manipulation by Exposing Weak Human Nature
Table of contents
Abstract
The art of manipulating people by targeting their social weakness like ignorance, laziness, greed and lust to exploit their personal and financial resources either by blackmailing them or by baiting them is known as social engineering. This paper starts with the threats posed by the social engineering attacks basically discussing the problems faced by these attacks. It discusses the various human natures or attitudes that are being targeted by the attackers in continuation with the types of some common techniques used by the hackers in order to exploit the target and what are the measures that should be taken in order to counter these threats.
Introduction
Social engineering can we termed as the efficient use of social skills in order to extract important data from the target either to blackmail them or to hack them for money or for some other important information. Most of us know hacking as writing some sort of code for getting accesses into the user database or profile to use his/her resources illegally, but due to the advancements in the it sectors it becomes more and more difficult for the hackers to penetrate the target’s firewall in order to breach its privacy and security so in this scenario hackers are using such techniques which requires less efforts and which are more effective, according to a report by S C Media, 60% of the enterprises were victims of social engineering attacks in which 65% of these attacks consist of employee details and 17% of them include attack on financial accounts.
Why The Social Engineering Attacks are Effective?
Social Engineering attacks does not involve any sort of code they comprises of human interaction so these type of attacks reduces the cost of the attacks more over these attacks target to human weakness so many of the victims do not report about these attacks cause they don’t want their weakness to be broadcasted on any public display, these type of reasons attract hackers towards social engineering attacks as the chances of getting caught by any government or security official is less.
Human Behavior’s that are Being Targeted:
Greed
Most of these attacks are successful because hackers target to the most vulnerable human behavior that is greed. The hackers bait the targets by giving offers on finance where the victim can earn money by filling some entries or by answering to some sort of quizzes. The hackers will give some links or some kind of GUI interface which looks very appealing and attractive and there is a sure chance that the target will fall for it.
Unawareness:
Most of the people become victims of these attacks because they are unaware of the fact that indirectly they are giving their important details to the hackers. Maximum victims reply to the phishing pages or mail either by downloading the attachments in the spam mails or by logging in to a phishing site which looks almost similar to the original site.
Lack of Security
Lack of Security is the one of the major reasons behind these attacks. Lack of security includes not using spam filters, antivirus, firewalls and storing data in a less secured storage. For countries like India people spend very less amount on cyber security so this makes the citizens more vulnerable to these attacks.
Lust
Sometimes hackers give links or popup windows which include some sensual pictures or which will direct the victims to some pornographic sites, basically these are the phishing links which mainly generate whey a person is visiting any pornographic site or any torrent site. These mainly include popup windows with some sort of cam shows or any dating sites.
Types of Social Engineering Attacks
E-Whoring
It is a termed basically used in world of hackers which can be also said as electronic fornication. In this the hacker basically targets the human lust as a weakness by giving some links or popups which will direct the victim towards a pornographic website or a dating site where the user needs to give its credit card details or its personal details and by doing so the user falls for the bait. This is the most effective technique used by any social engineer and probably the best attack.
Phishing
Phishing is the oldest but effective technique where the attacker uses fake sites and spam mails to bait his /her target. Most of the phishing attacks involve use of spam mails where the victims receives a mail which appears to be from a trusted source or seems to be from a genuine sender and usually contains a site link which will direct to a site which is almost similar to the original site in terms of the layout and GUI interface but with a different URL or the mail may contain some kind of attachment which when downloaded infects the user’s system.
Quid Pro Quo
It is a Latin word which means something for something. In this attack the hacker offers services in exchange of information or access. These attacks mainly target the IT professionals on large companies in order to get confidential data of the companies. In this the attacker calls an IT professional pretending to be a client or any IT administrator commanding them to disable any service or to give some sort of data so they can enter in the network. The attacker uses proxy so that their number cannot be traced or it remains unidentified.
Piggybacking
It is basically getting access into a wireless network in order to steal data or to get access into a restricted area. In this the hacker uses tools like wireshark and Fern Wi-Fi cracker to hack a wireless network. In Piggybacking the hackers usually uses public Wi-Fi like at airports and railway stations where the number of users are more so that they can hack into any user who is connected to that particular network.
Cite this Essay
To export a reference to this article please select a referencing style below
