Social engineering is manipulating people into doing something, rather than using technical means. It is the art of gaining access to buildings, systems, or data by exploiting human psychology, rather than by using technical hacking techniques. For example, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password. The goal is always to gain the trust of one or more of your employees.
A system has hardware, software, and wetware, the wetware being the human element of the system. With million-dollar security systems and state-of-the-art security technology, the first two may be impenetrable, but with enough patience and knowledge, a social engineer can use weaknesses in the wetware to trick an unsuspecting target into revealing sensitive information. Social engineering is the use of psychological knowledge to trick a target into trusting the engineer and ultimately revealing information.
What Do Social Engineers Want?
The goal for many social engineers is to obtain personal information that can directly lead them to financial or identity theft or prepare them for a more targeted attack. They also look for ways to install malware that gives them better access to personal data, computer systems, or accounts. In other cases, social engineers are looking for information that leads to a competitive advantage.
Items that scammers find valuable include the following:
How Does it work?
Social engineers leverage trust, helpfulness, easily attainable information, knowledge of internal processes, implied or impersonated authority, and technology to trick you. Often, they will use several small attacks to reach their final goal, bits of information pulled together into a convincing story. Social engineering is all about taking advantage of others to gather information and infiltrate an organization.
Types of Social Engineering
Ways to prevent Social Engineering
Conclusion: Social engineering is a way in which an intruder can get access to your information resources without having to be a technical, network, or security expert. The attacker can use many tactics either to fool the victim into providing the information he needs to gain entry or to obtain the information without the victim’s knowledge.
Social engineering can be a threat to the security of any organization. It is important to understand the significance of this threat and the ways in which it can be manifested. Only then can appropriate counter-measures be employed and maintained in order to protect an organization on an ongoing basis.
This article was contributed by Mohit Rawat, security expert at Infosec Institute.