GRD Journals- Global Research and Development Journal for Engineering | Volume 5 | Issue 10 | September 2020 ISSN- 2455-5703
Social Engineering: A Ninja Approach to Human Consciousness

Vismit Sudhir Rakhecha
Sr. Security Analyst
Department of Information Technology
Evolent Health International
Abstract

No matter how secure a company is, how advanced its technology is or how up to date its software is, there is still a vulnerability in every sector known as 'Human'. The art of gathering sensitive information from a human being is known as Social Engineering. Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your system. Social engineering attacks are increasing day by day due to lack of awareness and knowledge. In this paper, we discuss Social Engineering, its types, how it affects us and how to prevent these attacks. Many proofs of concept are also presented in this paper. Famous hacker Kevin Mitnick helped popularize the term "social engineering" in the '90s, but the simple idea itself has been around for ages. Social engineering is the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques.

Keywords- Social Engineering, Phishing, Vishing, Eavesdropping, Phishing Audit, Phishing Scams, Social Engineering Audits
I. INTRODUCTION

The term "Social Engineering" can be defined in various ways, relating to both the physical and cyber aspects of that activity. Wikipedia defines social engineering as: "...the art of manipulating people into performing actions or divulging confidential information."

The goal for many social engineers is to obtain personal information that can either lead them directly to financial or identity theft or prepare them for a more targeted attack. They also look for ways to install malware that gives them better access to personal data, computer systems or the accounts themselves. In other cases, social engineers are looking for information that leads to competitive advantage. Items that scammers find valuable include the following:

1) Passwords
2) Account numbers
3) Keys
4) Any personal information
5) Access cards and identity badges
6) Phone lists
7) Details of your computer system
8) The name of someone with access privileges
9) Information about servers, networks, non-public URLs, intranet
II. HOW SOCIAL ENGINEERS WORK

There are an infinite number of social engineering exploits. A scammer may trick you into leaving a door open for him, visiting a fake Web page or downloading a document with malicious code, or he might insert a USB device into your computer that gives him access to your corporate network. Typical ploys include the following:

A. Information Gathering

This involves gathering information about the person that the social engineer is targeting, or other information about the organization or personnel that will convince the target individual to divulge the required information. A variety of techniques can be used to gather information about the targets; this information can then be used to build a relationship with either the target or someone of influence or importance to the success of the attack. Typical information that may be gathered includes an internal phone directory, birth dates, organizational charts, personnel records, social activities, relationships, etc.
All rights reserved by www.grdjournals.com