Social Engineering (SE) is a technique of manipulating people that exploits human negligence or ignorance. Various deception techniques play on the “human” side of each individual: the wish to help others, deference to authority, or the false impersonation of someone who holds some authority over the victim. A social engineer is a person who not only knows the techniques and methods of attack, but also understands psychology extremely well and has a high level of social intelligence that helps him manipulate others.
How did it all begin?
It started with simple methods of fraud that mainly involved fixed-line telephony. The first method is known as “War Dialing”: the basic idea is that a device automatically calls a large number of a company's telephone numbers and in this way discovers which numbers belong to devices (dial-in modems or fax machines). At the time this technique was current, most remote access went through such dial-in modems; today it is only a backup option in some companies, while most do not use it at all.
The next thing that became extremely interesting for social engineers was wireless networking (WiFi), which, because its signal spreads through the air and its early protection methods were weak, became target number one. The technique that became extremely popular is known as Wardriving, which in itself is not illegal. It is a passive scan of networks from a moving car: a program running on a laptop scans for networks or access points and places their tags on a map, most often a Google map. Besides the network name, it records whether protection is used and which kind, which channel is used, and in some cases the device itself can be identified. This is only the starting point, what military terminology calls “scouting”: we only collect information, and afterwards we process it and decide on the further steps.
Email and web
Besides wireless networking, e-mail and the web are extremely interesting to social engineers. These are the two channels used for different types of phishing, where the basic idea is to urge the user to click on a specific link that will either take him to a fake site where he will leave his login information (usernames, passwords, PINs), or will start installing particular software on his computer. In both cases the idea is the same: to mask the true URL behind another one so that the user clicks, and what happens next depends on the main target of the attack. Here I want to point out that this method also works over text messages, where it is known as SMISHING, and over the phone, where it is called VISHING.
Finally we come to the phenomenon of today, namely social networks, which have become standard. Whether it is Facebook, Twitter, LinkedIn, Instagram, or any other social network, social engineers are active everywhere and play a “predatory” game that seeks out a victim. The victim, in this case, is the person who agrees to play the game they know they are good at creating. Here we have to be very careful because, in some cases, pedophiles also use social networks to make contact with a child and lure it, creating false profiles of a juvenile who allegedly wants to socialize with their peers. This can have elements of a serious criminal offense, and there is an international police action known as Armageddon that successfully deals with this issue. There are also issues related to what is known as identity theft, which is about getting to know a person and her online identity so well that it can be stolen.
How to protect yourself: is there protection from such attackers?
The only defense is something known as security awareness: raising awareness of the threats and of the means of defending against them.
For private individuals, ordinary people, here are some tips on what not to do:
- A real friend on the web is only a friend you know from the real world, not someone you have never met physically but who has come close to you in the online world.
- Consider what kind of information you put on social networks, and never discuss the job you are doing, because you could reveal to someone what you are currently working on or what software or security devices the firm has.
- Take care with the pictures you put on your network, especially avoiding family or child pictures as well as pictures that show where they were shot. Images can also contain metadata that reveal which camera took the picture and the exact location as map coordinates. This was once exploitable on Facebook, but their team quickly responded and now all existing metadata is automatically deleted when an image is uploaded.
- Do not always check in at your current location if you feel it is possible that someone could abuse the knowledge that you are not at home or in the office.
- Whenever you receive a link, whether by mail, Viber, Skype, or some other messaging service, always look at where the link really leads, not at what it says. This is easy to do: hover the mouse over the link itself and look at the status line at the bottom of your browser. It should look like a real link rather than what the message claims.
- Never enter your information on sites that do not have an SSL certificate and which the browser marks as insecure (this is usually signaled by a red or orange box, while safe websites are labeled green).
- Never give information over the phone if you are not sure of the identity of the person on the other side, because a name alone does not mean that he is who he claims to be and not a fraud.
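The “look where the link really leads, not at what it says” advice and the SSL tip can be automated for an inbox or a mail gateway. The following Python script is an added example written for this post, not code from the original author: it parses the anchors in an HTML message, and whenever the visible link text looks like a web address, it compares the host the user would read with the host the href actually points to and reports the mismatches; it also lists links that do not use https. The message body, the domains (examplebank.com, login-secure.example.net) and the address 203.0.113.7 are constructed sample values, not real sites.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a phishing-style message body (not a real e-mail).
# Link 1 shows the bank's address but points elsewhere; link 3 shows a bare
# domain but points at an IP address; links 2 and 4 are honest.
SAMPLE_HTML = """
<p>Dear customer, please confirm your account:</p>
<a href="http://login-secure.example.net/verify">https://www.examplebank.com/login</a>
<a href="https://www.examplebank.com/help">Help centre</a>
<a href="http://203.0.113.7/update">examplebank.com</a>
<a href="https://www.examplebank.com/">www.examplebank.com</a>
"""


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Matches text a user would read as a web address: optional scheme, optional
# "www.", then a domain with at least one dot, then an optional path.
_DOMAIN_RE = re.compile(
    r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#].*)?$", re.I
)


def displayed_host(text):
    """Host name the reader sees in the link text, or None if the text is not URL-like."""
    m = _DOMAIN_RE.match(text.strip())
    return m.group(1).lower() if m else None


def real_host(href):
    """Host the browser would actually connect to, with a leading 'www.' dropped."""
    host = (urlparse(href).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def _collect(html):
    parser = _AnchorCollector()
    parser.feed(html)
    return parser.links


def find_mismatched_links(html):
    """Return (visible text, href) for links whose shown host differs from the real host."""
    suspicious = []
    for href, text in _collect(html):
        shown = displayed_host(text)
        if shown is None:
            continue  # plain words such as "Help centre" claim no address, nothing to compare
        if shown != real_host(href):
            suspicious.append((text, href))
    return suspicious


def plain_http_links(html):
    """Return hrefs that do not use https, i.e. sites the browser would mark as insecure."""
    return [href for href, _ in _collect(html) if urlparse(href).scheme != "https"]


if __name__ == "__main__":
    for text, href in find_mismatched_links(SAMPLE_HTML):
        print(f"MISMATCH: text shows {text!r} but link goes to {href!r}")
    for href in plain_http_links(SAMPLE_HTML):
        print(f"NO TLS:   {href}")
```

On the sample message the script reports the first and third links as mismatches and both of them again as plain-http links, while the two honest links pass. The comparison deliberately ignores the scheme and a leading `www.` in the visible text, since those are the parts a careful reader would not count as a different site; anything stricter produces false alarms on legitimate newsletters.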
This is just a small part of what exists in the methodology of social engineers, and there are some things I have not mentioned here, but I will make individual posts about them because the themes are too big.
These are only a few tips, and there is still plenty to do, so this should be understood only as a theme for thinking; if I managed to get you thinking with this post, then I achieved my goal.