Social Engineering

I am going to tell you the secret behind most hacks: social engineering. Unlike what TV and movies would have you believe, hacking directly into a computer system is incredibly hard and time-consuming. So instead, attackers employ social engineering attacks to gain information that makes the process easier. Here are the social engineering attacks hackers employ.

Impersonating:

You do not know if the person on the phone is who they say they are. Hackers often research a company's employees, then call the company pretending to be a supervisor or someone else in a high position. They often try to come off as rushed, agitated, and demanding. They ask for information, and the employee gives it to them. To prevent things like this from happening, your company should have a strict policy of not giving out information over the phone.

Phishing:

This is probably the most common type of attack. It is easy and simple to set up. All attackers need are email addresses, which can easily be procured on the black market, an email client, a web server, and fake web pages. Attackers email thousands of people. The email is made to look like it is from a legitimate business or website. The message usually asks recipients to update their personal information (password, social security number, etc.) and includes a fake link to a webpage. The webpage is a phishing site that is designed to look like the original. When the victim enters their information, it is logged and the attackers now have it.

Physical:

As I mentioned earlier, movies portray hackers as people who just sit behind a computer. It is hard to hack into a computer remotely, so an attacker might insert a USB drive into a computer and then walk away. The USB drive will contain some kind of malware. Sometimes attackers will leave USB drives around, hoping someone will pick one up, be curious, and insert it into their computer to see what's on it. There is also shoulder surfing: attackers can get passwords, ATM PINs, and other personal information just by looking over someone's shoulder. Sometimes attackers work in groups, with one far away with binoculars and another on the ground. Another kind of physical attack is dumpster diving. Sensitive documents that have not been shredded may be found. They might buy used computers and run software