Oh, you secured your computer or your server? You think no one can exploit your network? That could be wrong, because the human mind is always vulnerable in some way, and an experienced hacker can use an advanced weapon called social engineering to exploit this vulnerability.
A social engineer can become a wonderful manager or executive, a trusted employee of a company, or a technical support person. This is not an easy thing to do, but a good hacker has a strong, adaptable personality and can become anyone. A social engineer requires great skill, a strong personality and research about your organization.
Here are some examples of social engineering:
- Support: They come to you or to your company to install a patch, software or a server update. They tell the user to disable the antivirus and install software according to their instructions. Finally, the social engineer gets a remote connection to the user's computer once the user allows it.
- Vendors: A social engineer poses as a vendor and tells the company's users that some package needs to be updated, so he needs the administrator password.
- Employee: A social engineer can pose as an employee. He may then say that he lost the key to an area he is not allowed to access.
Hackers use social engineering because it is simple for them. The hacker does not need to break the firewall or the antivirus. He makes the user or employee do it, or the company allows him to do it.
There are 3 basic steps for a hacker to attack through social engineering:
- Research the company or person: Hackers gather as much publicly available information as they can. This might be through Google, Facebook or Twitter.
- Build trust: He uses that information to build an unbelievable level of trust with the targets.
- Exploit the relationship: Once he is trusted by his target, he starts exploiting the relationship.
An expert social engineer can gather anything. For example:
- Passwords.
- Confidential reports.
- Keys to the building.
- Employee information.
- Access to a computer without a password, and so on.
Last, I want to give 3 examples of social engineering attacks:
- Phishing: This is the most popular and successful social engineering technique. The hacker sends a fake email with a malicious link to the target's mailbox. For example, if a hacker wants to hack your Facebook account through social engineering, he will create a fake web page similar to facebook.com, such as faceb0ok.com. When you try to log in to faceb0ok.com, the hacker gets your credentials.
- Pretexting: This is much like a phishing attack. For example, a hacker may email or phone an employee, claim to be an I.T. engineer, and say he needs the administrator password to audit the company's systems.
- Piggyback: This is an easy method. Usually, the hacker waits for someone to enter a password and walks behind the person to see what he types.
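A defender-side check for the lookalike-domain trick in the phishing example above (faceb0ok.com imitating facebook.com), as an added example that is not part of the original post: it flags links whose domain imitates a protected one. The protected list, the sample links and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains to protect (constructed list; facebook.com is the page's example).
PROTECTED = {"facebook.com", "google.com", "twitter.com"}
# Digit-for-letter swaps, mapped back to the letter they imitate.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def hostname(link):
    """Lowercase host of a URL or bare host name."""
    if "//" not in link:
        link = "//" + link
    return (urlsplit(link).hostname or "").rstrip(".")

def registrable(host):
    """Last two labels (assumption: no multi-part suffixes such as co.uk)."""
    return ".".join(host.split(".")[-2:])

def skeleton(domain):
    """Undo digit swaps and the 'rn' for 'm' / 'vv' for 'w' tricks."""
    return domain.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(link, protected=PROTECTED):
    """Return (verdict, brand); verdict is 'legit', 'lookalike' or 'unrelated'."""
    host = hostname(link)
    domain = registrable(host)
    if domain in protected:
        return "legit", domain
    for brand in sorted(protected):
        if skeleton(domain) == skeleton(brand):      # faceb0ok.com
            return "lookalike", brand
        if edit_distance(domain, brand) <= 1:        # one typo away
            return "lookalike", brand
        if brand + "." in host:                      # brand used as a subdomain
            return "lookalike", brand
    return "unrelated", None

if __name__ == "__main__":
    # Constructed sample links, as they might be extracted from inbound mail.
    for link in ["https://www.facebook.com/", "http://faceb0ok.com/login",
                 "https://facebook.com.account-check.example/", "https://example.org/"]:
        print(link, classify(link))
```

A mail gateway or proxy could run such a check on every link in inbound messages and quarantine anything classified as a lookalike.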
Finally, I would say that we are vulnerable. We can't secure ourselves 100%. A hacker can learn from our body language too, and we are not that aware of it. The only way to avoid becoming a victim of a social engineering attack is awareness.