Social Engineering Attacks | Ethical Hacking - Social Engineering



Let us try to understand the concept of Social Engineering attacks through some examples.

Example 1

You must have noticed recent company documents being thrown into dustbins as garbage. These documents might contain sensitive information such as Names, Phone Numbers, Account Numbers, Social Insurance Numbers, Addresses, etc. Several corporations still use carbon paper in their fax machines, and once the roll is over, its carbon goes into the dustbin, where it can carry traces of sensitive information. Although it sounds improbable, attackers can easily retrieve information from company dumpsters by pilfering through the rubbish.

Example 2

An attacker might befriend a member of the organization's staff and establish a good relationship with him over a period of time. This relationship can be established online through social networks or chat rooms, or offline at a table, in a playground, or through any other means. The attacker takes the staff member into confidence and finally digs out the desired sensitive information without giving a clue.

Example 3

A social engineer might pretend to be an employee, a legitimate user, or an influential person by faking an identification card or simply by convincing staff of his position within the company. Such an attacker can gain physical access to restricted areas, thus gaining additional opportunities for attacks.

Example 4

It happens in most cases that an attacker may be around you and can do shoulder surfing while you are typing sensitive information such as a user ID and password, an account PIN, etc.

Phishing Attack

A phishing attack is computer-based social engineering, where an attacker crafts an email that appears legitimate. Such emails have the same look and feel as those received from the original website, but they may contain links to fake websites. If you are not careful enough, you will type your user ID and password and try to log in, which will result in failure, and by that time the attacker will have your ID and password to attack your original account.

Quick Fix

You should enforce a good security policy in your organization and conduct the required training to make all employees aware of possible Social Engineering attacks and their consequences.
Document shredding should be a compulsory activity in your company.
Make doubly sure that any links you receive in your email come from authentic sources and that they point to the correct websites. Otherwise, you might end up as a victim of Phishing.
Be professional and never share your ID and password with anybody else in any case.
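
The advice above about checking where email links point can be partly automated. The following is an added example, not code from the original post: it parses an HTML email body and flags every link that is not HTTPS to a trusted host, including links whose visible text shows a trusted address while the real target is elsewhere. The host `bank.example`, the sample message and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"bank.example"}  # assumption: the organization's real sites
SAMPLE = (  # constructed email body, not a real message
    '<p>Sign in at <a href="https://bank.example.account-verify.test/reset">'
    'https://www.bank.example/reset</a>, read the '
    '<a href="https://www.bank.example/help">help page</a> or the '
    '<a href="http://bank.example/news">news</a>.</p>'
)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    """True if host is a trusted host or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def shown_host(text):
    """Host that URL-like link text claims to lead to, else None."""
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "//" + text).hostname

def classify(href, text):
    """Reason a link is suspicious, or None for HTTPS to a trusted host."""
    url = urlsplit(href)
    if is_trusted(url.hostname):
        return None if url.scheme == "https" else "not https"
    if is_trusted(shown_host(text)):
        return "text shows trusted site, link goes elsewhere"
    return "untrusted host"

def suspicious_links(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return [(h, r) for h, t in parser.links if (r := classify(h, t))]
```

Calling `suspicious_links(SAMPLE)` reports the look-alike reset link and the plain-HTTP news link, and passes the help page link. The host comparison is done on the parsed hostname, so a trusted name placed in front of a different domain or before an `@` in the URL does not pass.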

thank you✌✌✌

