What is Social Engineering? | Social Engineer Attack — Exploitbyte
Social engineering is the art of convincing people to reveal confidential information.
Comman targets of social engineering include help desk personnel, technical support executives, system administrators, etc.
Social engineers depend on the fact that people are unware of thier valuble information and are careless about protecting it.
What is Social Engineering?
Prior to performing social engineering attack, an attacker gathers information about the target organization from various sources such as:
- Official websites of the target organizations, where employees’ IDs, names, and email addresses are shared.
- Advertisement of the target organization through the type of print media required for high-tech workers trained in Oracle databases or UNIX servers.
- Blogs, forums, etc. Where employees share basic personal and organizational information.
After information gathering, an attacker executes social engineerings attack using various approaches such as impersonation, piggybacking, tailgating, reverse social engineerings, and so on.
Social engineerings is an art of manipulating people to divulge sensitive information to perform some malicious action. Despite security policies, attacker can compromise organization’s sensitive information using social engineerings as it targets the weakness of people. Most often, employees are not even aware of a security lapse on thier part and reveal organization’s critical information inadvertently.
Common Targets of Social Engineering
A social engineer uses the vulnerability of human nature as thier most effective tool. Usually, people believe and trust others and derive filfillment from helping the needy.
- Receptionists and Help-Desk Personnel : Social engineers generally target service-desk or help-desk personnel of the target organization by tricking them into divulging confidential information about the organization. To extract information, such as a phone number or a password, the attacker first wins the trust of the individual with the information. On winning their trust, the attacker manipulates them to get valuable information.
- Technical Support Executives : Another target of social engineers are technical support executives. The social engineers may take the approcach of contacting technical support executives to obtain sensitive information by pretending to be a senior management, customer, vendor, and so on.
- System Administrators : A system administrator in an organization is responsible for maintaining the systems and thus he/she may have critical information such as the type and version of OS, admin passwords, and so on, that could be helful for an attacker in planning an attack.
- User and Client : Attackers could approach users and clients of the target organization, pretending to be a tech support person to extract sensitive information.
- Vendors of the Target Organization : Attackers may also target the vendors of the organization to gain critical information that could be helful in executing other attacks.
Impact of Social Engineering Attack on Organization
- Economic Losses : Competitors may use social engineering techniques to steal sensitive information such as development plans and marketing strategies of a target company, which can result into a economic loss to the target company.
- Damage to Goodwill : For an organization, goodwill is important for attracting customers. Social engineering attacks may damage that goodwill by leaking sensitive organizational data.
- Loss of Privacy : Privacy is a major concern, especially for big organizations. If an organization is unable to maintain the privacy of its stakeholders or customers, then people can lose trust in the company and may discontinue the business association with the organization. Conequently, the organization could face losses.
- Dangers of Terrorism : Terrorism and anti-social elements pose a threat to an organization assets — people and property. Terrorists may use social engineering techniques to make blueprints of their targets to infilterate their targets.
- Lawsuits and Arbitration : Law suits and arbiteration result in negative publicity for an organization’s and affects the business performance.
- Temporary or Permanent Closure : Social engineering attacks can result in loss of goodwill. Lawsuits and arbiteration may force a temporary or permanent closure of an organization and its business activities.
Social engineering does not seem to be a serious threat, but it can lead to heavy losses for organizations.
If You Read more about Social Engineering then click here
I hope you get useful information there if you think anything to improve in this article you can comment below or if you need any help we will help you soon. If you are interested to learn hacking you can check here.
Originally published at https://exploitbyte.com on April 6, 2020.