Social engineering is an approach to gaining access to sensitive information through misrepresentation. It is the conscious manipulation of people to obtain information. The technique relies on human weaknesses such as greed, curiosity, anxiety and similar tendencies, rather than on technical vulnerabilities.

There are various ways in which a fraudster attempts to gather confidential personal information for committing offences such as misrepresentation, unauthorized access, financial gain, or infecting systems:

  • Phishing: The practice of sending emails, text messages, or social media messages that appear to come from a legitimate source, such as a bank or government agency, but are actually designed to trick people into giving away personal or financial information.
  • Pretexting: Creating a false pretext or scenario to convince someone to provide sensitive information or take a specific action. For example, a fraudster might pretend to be a colleague or a customer service representative and ask for personal information or login credentials.
  • Baiting: Offering something of value, such as a free gift or discount, in exchange for personal information or a specific action. For example, a fraudster might offer a free gift card in exchange for completing a survey that asks for personal information.
  • Spear phishing: A targeted form of phishing in which emails or messages are tailored to a particular individual or group. The messages often contain personal details that make them seem more credible.
  • Impersonation: Pretending to be someone else, such as a bank employee, police officer, or IT technician, in order to gain access to sensitive information or convince someone to take a specific action.
  • Reverse social engineering: Using information gathered from social media and other sources to build a relationship of trust with someone, and then using that relationship to gain access to sensitive information or convince the person to take a specific action.

Fraudsters also exploit everyday situations in which people disclose information carelessly:

  • Public places: Casual sharing of personal information by users in public places such as cafes, cinemas, and pubs, which is noted and misused by a fraudster.
  • Gossip: Discussing gossip with a colleague may give information to other people nearby, one of whom might be a social engineer.
  • Personal pride and confidence: Sharing sensitive information about your family or organization with unknown persons in order to boast about your achievements.
  • Persuasion: Influencing individuals to give up confidential information by repeatedly convincing them. Example: a hacker posing as a member of the company's IT team.
  • Hoaxing: An attempt to trick people into believing that something false is real. When aimed at a single victim it is usually done for illicit financial or material gain; a hoax is also often perpetrated as a practical joke or to cause embarrassment. Examples: false virus alerts, false tax alerts, false tech support calls.
  • Vishing: Using the telephone system, most often features facilitated by Voice over IP (VoIP), to obtain private personal and financial information from people for financial gain. The term is a combination of "voice" and "phishing".
  • Dumpster diving: Collecting personal information about individuals from improperly discarded documents. Examples: air tickets, electricity bills, discarded credit, debit or PAN cards.

Social engineering fraudsters rely on human psychology and the willingness of people to trust and help others. By using these techniques, they are able to exploit vulnerabilities and deceive people into providing sensitive information or taking actions that benefit the fraudster. It's important to be vigilant and skeptical of requests for information or actions that seem suspicious or out of the ordinary.