Majority of the successful breaches and sensitive data stealing involves the social engineering attack which is commonly known as people hacking. So, if you ask any IT Security person about physical security, he or she will probably start talking about key card locks, cameras, and personal document protection things. So, it is right to talk about these because physical security can be easily breached through the use of social engineering. In this chapter, you will learn about the various social engineering techniques that can be used to violate the security along with the security mechanisms and ways to protect that.
What Is a Social Engineering Attack?
Social Engineering is one of the popular attacking techniques that is used physically and/or psychologically and relies very much on human interaction where the attacker often manipulate the victim and rupture the standard security mechanisms to gain access to any sensitive data, file, system, network, server, etc. Examples of different social engineering attacks are:
- Spear Phishing.
- Dumpster diving.
- Shoulder surfing.
- Quid pro quo etc.
In this chapter, we will discuss some of the popular social engineering attack techniques and how to secure the user and their system from such threats.
Phishing is the most popular form of social engineering attack that every security professional must stay aware of. The attacker recreates a dummy website or portal of any popular organization, institute or company and sends the (illegitimate) link to targets with the use of emails or social media. The victim on the other end is a legitimate user who is unknown of the attack, ends up in giving his / her personal information. The attacker receives those login credentials and other personal details and goes to the original site and logged in.
As a security analyst, you must be aware of the employees and users to put filters (spam filters) in their email to protect them from getting involved through phishing emails. Also, note that phishing links do not usually contain HTTPS and there will not be the genuine domain name. These are the possible ways you can protect your venture, employees or organization from such attacks.
Many cybercriminals keep on scrounging the dustbins and other garbage area looking for information and other sensitive data about the users. People usually throw many papers such as receipt generated by ATM containing financial details about the user as well as names and phone numbers. It can be effectively used by cybercriminals to compromise users.
As a cybersecurity professional, you have to suggest setting up an area where important files and DVDs and other stuff can be dumped to prevent employee's data and sensitive information.
Shoulder Surfing can be defined as the act to acquire personal or private sensitive information by the process of straight observation. This social engineering technique involves looking or peeping over a person's shoulder or body for gathering relevant information about the victim for the attack. It is done no only by human but also by cameras that are fitted in the room.
So, while using your personal information, or feeding your personal data and sensitive information in an online form in a cyber cafe, it is recommended to take a look if anyone or any camera is peeping to your personal data, passwords or not.