Social engineering is the art of exploiting human behavior to extract confidential information.
Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it.
- Social engineers attempt to gather:
  - Credit card details and social security number
  - User names and passwords
  - Security products in use
  - Operating systems and software versions
  - Network layout information
  - IP addresses and names of servers
- Social engineering techniques:
  - Shoulder surfing
  - Dumpster diving
  - Impersonation on social networking sites
Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
- Eavesdropping is unauthorized listening to conversations or reading of messages.
- It is the interception of any form of communication, such as audio, video, or written.
- Shoulder Surfing:
  - Shoulder surfing is a technique in which attackers secretly observe the target to gain critical information.
  - Attackers gather information such as passwords, personal identification numbers, account numbers, credit card information, etc.
- Dumpster Diving:
  - Dumpster diving is looking for treasure in someone else’s trash.
  - It involves collecting phone bills, contact information, financial information, operations-related information, etc. from the target company’s trash bins, printer trash bins, users' desks (for sticky notes), etc.
- Phishing: Presenting the user with a website whose URL looks authentic but is actually fake is called phishing. Phishing is done to steal sensitive information.
- Spear Phishing: Phishing exploits directed against a particular target or organization.
- Whaling: Similar to spear phishing, but it exploits a big target such as the CEO of an organization.