Social Engineering, or why Ocean's Eleven succeeded


Hi there, Steem!

Do you remember the cult movie "Ocean's Eleven"? Eleven swindlers pull off a daring theft, opening the most heavily secured casino vaults. The success of their operation rests on social engineering.

What is social engineering?

This is a method of gaining unauthorized access to information resources that relies on the characteristics of human psychology. Simply put: the key to every door is human weakness. One of the most famous social engineers in history, Kevin Mitnick, asserts that the foundation of social engineering is charm, courtesy, confidence and simplicity. And he adds: it is much easier to obtain a password by deception than by trying to break a security system.

The first precept of social engineering:

Information that seems useless at first glance leads to the next level of access, and eventually to the level where the useful data and privileges are.

A simple example: there is a secretary, Karen. Of course, she does not know the passwords to the financial databases and has no access to the company's accounts. However, she holds information about every employee of the company: she knows their phone numbers and other personal details. And she is talkative and needs a new friend. If you need to "get close" to the boss, do not go straight at him; first, it is worth talking to the secretary.

She can tell you everything about the boss, even though she wishes him no harm: with whom and where he spends his holidays, what color socks he wears, and how many spoons of sugar he puts in his coffee. A skilled social engineer will squeeze useful information out of such trifles.

The second precept of social engineering:

People are more stupid than they seem, and their behavior is often irrational.

There are several common techniques and types of attack used by social engineers. All of them rest on the characteristics of human decision-making known as cognitive biases. These biases are used in various combinations in order to build the most appropriate deception strategy for each particular case.

The common feature of all these methods is deception, used to force a person to perform an action that is not in his interest but is necessary for the social engineer. To achieve the desired result, the attacker uses a whole series of tactics: impersonating someone else, distracting attention, applying psychological pressure, and so on. The ultimate goals of the deception can also be very diverse.

There are several techniques of social engineering: fake lotteries, fake antivirus and "security" programs, trojans. But the most common techniques are pretexting and phishing.

  1. Pretexting
    This is a set of actions carried out according to a pre-prepared script (the pretext). The technique typically uses voice channels, such as the phone or Skype, to obtain the necessary information. As a rule, posing as a third party or pretending that someone needs help, the attacker asks the victim to provide a password or to log in on a phishing web page, thereby getting him to take the required action or disclose certain information.

  2. Phishing
    This is a type of Internet fraud whose purpose is to gain access to confidential user data: logins and passwords.

Perhaps this is the most popular social engineering scheme today. No major leak of personal data passes without a wave of phishing mailings following it. The purpose of phishing is the illegal acquisition of confidential information. The most vivid example of a phishing attack is a message sent to the victim by e-mail, forged to look like an official letter from a bank or payment system, that demands that certain information be verified or certain actions performed.
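A defender-side illustration of the forged "bank letter" described above, added here and not part of the original post: it scans a constructed e-mail for the tell-tale mismatches (sender domain vs. Reply-To domain, the link text the reader sees vs. the real target, urgent wording combined with a request for credentials). The sample message, addresses and domains are all made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a "bank" notice whose visible link and real target disagree.
SAMPLE_MAIL = (
    'From: "Example Bank Security" <security@example-bank.com>\n'
    "Reply-To: verify@account-check.example\n"
    "Subject: Urgent: verify your account within 24 hours\n"
    "Content-Type: text/html\n"
    "\n"
    "<p>Dear customer, your account was suspended. Please "
    '<a href="http://example-bank.com.login-verify.example/confirm">'
    "https://example-bank.com/login</a> and enter your password to restore access.</p>\n"
)

URGENCY_WORDS = ("urgent", "suspended", "within 24 hours", "immediately", "verify your account")
CREDENTIAL_WORDS = ("password", "pin", "card number", "login")
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(value):
    """Lowercase host of an e-mail address or URL ('' if there is none)."""
    value = value.strip()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].lower()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()

def phishing_indicators(raw_message):
    """Return a list of human-readable red flags found in one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    flags = []
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To domain {reply_domain} differs from sender domain {from_domain}")
    body = msg.get_payload() if not msg.is_multipart() else ""
    for href, text in LINK_RE.findall(body):
        # Only treat the link text as a URL if it looks like one (no spaces, has a dot).
        shown = domain_of(text) if re.fullmatch(r"\S+\.\S+", text.strip()) else ""
        real = domain_of(href)
        if shown and shown != real:
            flags.append(f"link shows {shown} but really points to {real}")
        if from_domain and real != from_domain and not real.endswith("." + from_domain):
            flags.append(f"link target {real} is not the claimed sender's domain {from_domain}")
    lowered = (msg.get("Subject", "") + " " + body).lower()
    if any(w in lowered for w in URGENCY_WORDS) and any(w in lowered for w in CREDENTIAL_WORDS):
        flags.append("urgent wording combined with a request for credentials")
    return flags
```

On the constructed sample every check fires; a plain one-line note from a colleague with no links produces no flags.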

The case that has become a classic example of a social engineering con, from Kevin Mitnick:

A group of hackers decided to break into the computer system of a software company, but could not. Mitnick did it in 5 minutes, when he was only 17 years old. He called the sysadmin and confidently said that he was Anton Chernov, the lead developer of the project, that he urgently needed to log into his account, but the system was failing. The sysadmin told him the password, and the goal was achieved: all the source code was stolen.

Do not think that social engineering is only the stuff of Hollywood movies and big corporations.

So be on alert and do not share your personal data with unfamiliar people.

By the way, what's your password?


This post has received a 9.28 % upvote from @boomerang thanks to: @equites

Thank you, @equites. It is pretty remarkable how pushing certain buttons: greed ("enter your password and you'll receive ..."), the desire to help others, flattery, FOMO and so on really works.