Social Engineering: The art of Human Hacking

Catherine Butler said, “Privacy on the internet is a MYTH”. Human life today is tightly coupled with the internet. A person's behavior can be predicted from their internet history. We share almost everything on the internet, from everyday doubts to essential financial information. But do we actually think twice before sharing such important information on these platforms? The answer is NO! Surprisingly, there is a huge community of people observing your daily activities and online presence. These people use “Social Engineering” attacks to cheat you and make your life hell through malicious activities. As prevention is better than cure, let’s have a look at these tricky attacks and have a secure social life.

What is Social Engineering?

In layman's terms, social engineering is a psychological process that cyber criminals use to gain access to a victim’s personal and confidential information. This can extend to access to the victim’s computer system and other privileged information such as banking credentials, passwords and sometimes identity as well. After getting such information or data, these criminals steal the victim’s identity or money and perform other illegal activities.

Life Cycle of Social Engineering Attacks

1. Investigation: This is the first and most important step, and it requires a great deal of patience and hard work. In this step, the crook acquires background information about the victim and keeps a close eye on the victim’s habits, both on the internet and in person. This basic step decides the chances of a successful attack.

2. Hook: After collecting the required amount of information about the target, the attacker makes his first move. This can be a normal, smooth conversation with the victim, in which the attacker spins a story and holds control of the conversation. All this happens without the victim noticing anything inappropriate.

3. Play: This is the longest step of the life cycle. Over a good amount of time, the attacker builds a bridge of trust with the victim. Once this is done, the crook retrieves the required information, i.e. confidential data, banking credentials, personal identity etc. The information is gathered using various social engineering attacks such as phishing and baiting.

4. Exit: This is the last step of the cycle, in which the culprit moves towards closing the interaction. The attacker slowly shuts down communication with the victim, then covers up all the malware and the tracks of his malicious activities. At last, he disappears smoothly from the victim’s life. Hence, victims rarely come to know they have been attacked.

Types of Social Engineering Attacks

A. Phishing:

It is the most common and efficient social engineering attack. In this attack, the cyber crook attempts to gain confidential information or important data, including usernames, passwords, bank credentials, credit card details and so on. Most importantly, the cyber crook disguises himself as a trustworthy entity in an electronic communication with the victim.

For instance, the culprit will send a message from a so-called “friend” or any “known” person whom you might trust. This message will ask you to open an attachment. Obviously, how can we miss controversial news, or money we won in a contest without playing one? Once we click on the link provided, the virus created by the crook enters your mobile or computer system. Boom! You are socially engineered, and now your data is in the cyber crook's hands.

B. Vishing:

It is just another name for phishing over a phone call. Vishing is considered to be phone fraud. In this type of social engineering, the culprit attacks over a phone call to obtain access to private, personal and financial information with the thought of getting money or a reward. Most of the time, teenagers and senior citizens are targeted using this type of social attack.

One of the most famous uses of vishing by cyber crooks is in banking frauds. In such a case, the culprit disguises himself as an official of the bank where the victim is an account holder. The crook then contacts the victim and obtains information such as card details, CVV and OTP, all in the name of closing an account, or lures the victim with some prize money to be transferred to the victim’s bank account. OMG! All your money is now gone in a second and you are attacked socially.

C. Baiting:

Baiting is a social engineering attack in which the cyber crook(s) make a false promise to you in return for your confidential information. Each one of us likes free stuff; it is human nature. In the social context, free stuff can be free downloads, such as a paid game, movie or song offered free of cost. We never give such free downloads a second thought. If you start downloading such files, the data on your device is compromised and you are socially engineered.

D. Pretexting:

It is one of the most efficient and time-consuming social attacks. Pretexting is the act of creating a fake scenario or visual and using it against the target in order to gather confidential information. The scenario is created and executed in a way that engages the targeted victim and increases the probability of the victim providing confidential information and taking actions that would seem doubtful in normal conditions.

For example, this technique can be used to impersonate co-workers, policemen, banks, clergy or tax authorities. It involves advance research about the targeted victim, such as DOB, last bill and bank name, in order to establish legitimacy in the victim’s mind. Cyber crooks use pretexting to obtain information like utility records, telephone records and bank records directly from customer representatives. All that is needed is a bold voice, a steady tone and the ability to create a legitimate-seeming pretextual scenario.

There are a number of such cyber attacks, but the above four top the list of social attacks. To sum up, social engineering is the art of human hacking. Nowadays, it is impossible to work in information technology without encountering such social attacks. According to a study, every year around 168 million people are conned using cyber attacks such as phishing and baiting, and the numbers are increasing rapidly.

As of now, there are some basic preventive measures you can follow to avoid attacks on your social life. Avoid sharing your banking details and passwords with anyone, and when you enter your details on any website, make sure it is valid and secure. Don’t, I repeat, don’t ever download strange attachments, even if they are delivered to you by a known person. Above all, keep your social life as secure as you keep your routine life.
