Topic: The Impact of Social Engineering
A. Definition of Social Engineering
B. The goal of Social Engineering
C. Reverse Social Engineering
D. Categories of Social Engineering
1. Technology based
2. Non-Technology based
E. Types of Social Engineering attacks
F. Defense against Social Engineering
G. Impact of a Social Engineering attack
Social engineering has become the most popular method of compromising the security of personal data. The successful use of social engineering techniques has given attackers and hackers the ability to breach computer systems and gain access to sensitive data. Many computer hackers, such as the renowned hacker Kevin Mitnick, have found that it is easier to trick somebody into giving up his or her password than to carry out an elaborate hacking attempt (Mitnick and Simon, 2002).
What is social engineering?
“Social engineering is the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques” (Godchild, 2011). Social engineering involves the use of manipulation to trick others into revealing or providing information that can be used to steal data or gain access to secured systems. Most victims of social engineering attacks never see their attackers, and they seldom realize that they have been hacked or manipulated.
The goal of social engineering
The main goal of social engineering is to use human weakness to gain access to secure systems or data. Despite the implementation of a wide range of security controls and measures in a secured system, there will always be a human linked to the system. Humans are the weakest link in all secured systems. “Securing the hardware, software, and firmware is relatively easy; it is the ‘wetware’ that causes the biggest headache” (Peltier, 2006). Wetware is defined as the human brain, or a human being considered especially with respect to human logical and computational capabilities.
What is reverse social engineering?
Reverse social engineering is a more advanced method that a hacker may use for the purpose of gaining secured information. “This is when the hacker creates a persona that appears to be in a position of authority so that employees will ask him for information, rather than the other way around. If researched, planned and executed well, reverse social engineering attacks may offer the hacker an even better chance of obtaining valuable data from the employees; however, this requires a great deal of preparation, research, and pre-hacking to pull off” (Granger, 2001).
Reverse social engineering occurs when an attacker convinces the target that he or she has a technical problem and the attacker then helps solve or fix the target's problem. Reverse social engineering usually begins with the attacker accessing and damaging the target's equipment. After damaging the target's equipment, the attacker next advertises their ability or skill in solving that particular problem. This allows the attacker to gain the trust of the target, along with access to the target's sensitive information. If the attacker is successful, the target will continue to confide in the attacker for help in the future.
Categories of Social Engineering
Social engineering attempts are classified under two categories of deception. The categories of deception are identified as “Technology-based” and “Non-Technology based”. Technology-based social engineering is used to deceive computer users into believing that they are interacting with real applications or systems, in order to get them to provide confidential information. Common examples of Technology-based social engineering methods include pop-up windows, spam mails, and phishing.
What is a...