Social engineering attacks and the effectiveness of each attack
Social engineering means that some attacks are done in person, and physical effort may be involved in them. Many attacks can be carried out with this technique, and each has its own effectiveness. Some are more effective under urgency: a person in a hurry to open a site is more prone to an attack. If someone does not know that an attack even exists, he will be careless about it, and hackers can take advantage of the situation. Likewise, if an attack type is not used as commonly as others, the victim will not know about it and will not even realize that the hacker has set a trap. Here are some attack techniques and the effectiveness associated with each:
Shoulder surfing is a technique based on direct observation: looking over someone's shoulder to gather information about him. It is normally used to collect passwords, codes, PINs and similar secrets. The person does not realize that he is being watched, and only those with very sharp senses can notice it. For example, someone takes his laptop to a café, and another person there watches him type his Facebook password and remembers it along with the visible email ID.
It is common practice to discard things into the trash once one is done with them, but this can be dangerous. The method is a little creepy: the hacker goes through the person's trash and gathers information that was never supposed to get out. For example, when someone leaves the bank, another person might go and check the receipt he left at the ATM or threw in the bin. In the cyber world, the same thing is done through a person's postings. Hackers can keep a close eye on someone's activities and posts and gather knowledge from them, such as likes and dislikes, activities, job position and schedules. It can also refer to exploring the trash bin of a system, that is, the recycle bin, since when we delete something we normally do not empty the recycle bin immediately. Another technique this attack follows is gaining the user's confidence over the internet and then luring him into giving up important information about himself. So one should always stay alert and should not share any personal information with people met on the internet.
As the name suggests, this attack is done by tailing someone physically. Tailing means following a person into places where the follower is not allowed to be, that is, restricted sites. In security terms, it means compromising physical security by following someone through a door that is there to keep intruders at arm's length. In short, this is a type of social engineering in which someone who is not authorized to enter a specific area gets in by following someone who is. So one should be well aware of the surroundings, so that no one can take advantage of the privileges one has.
Nothing in this world is perfect, and neither is any security system. No matter how flawless a security system is claimed to be, there is always some weak point where it can be hit badly. However well the system is built, one part of it remains soft: the people. In any system, people are beyond doubt the soft targets, so hackers are now turning to them and using them as weapons. Impersonation is one of the many harmful social engineering methods. It is used to gain access to a network or system so that fraud can be committed or an identity stolen. Impersonation also differs from other forms of attack in that it takes place through people, and no email or phone is used for it. The social engineer gets involved personally and plays the role of someone the user knows. The user therefore trusts that person, and fooling him into giving access to the data becomes an easy task. The method relies on the fact that one will believe another person is who he says he is. Trust follows, the victim does not question the power and authority claimed, and the fake person plays the role easily. The victim is manipulated deliberately, to gather information without him realizing that a security breach is taking place. A great deal of preparation is required to stage this act, however. Some social engineers now even prefer email or phone calls to a personal appearance. No one can tell that an impersonator was involved, and one can be fooled quite easily.
There are many types of virus in the cyber world, and one of them is known as the virus hoax. Virus hoaxes can be quite destructive, since they may lead the user to ignore virus warnings, and the user then becomes an easy target for a destructive virus that can do real damage. So when one receives a warning message about a virus, one should check whether it is a hoax or not. There is also a tip: email attachments should not be opened hastily or downloaded instantly, because hoaxes can hide in them as well. Websites now normally scan attachments and emails, but one can never be sure. So even if one knows the sender, emails should be opened with care.
Whaling is a kind of phishing attack. Phishing attacks come in many types, and this one is designed especially for executives or people who hold higher posts in a company. These attacks are well planned and carefully designed, and they are not easy to catch.
One should know about phishing, since it is one of the serious attacks. Phishing is an attempt to obtain sensitive information about a person, such as passwords, credit card details and usernames. The communication in this case appears to come from popular social websites, auction sites, online payment services, bank sites and the like. These sites, and sometimes IT administrators too, are used to lure unsuspecting people. Phishing emails contain links that are heavily infected with malware. Phishing is commonly carried out through instant messaging and email spoofing. One may open an email that contains a link to a website, and when one opens the link, the site is the same as the original website. The look and feel are much the same; the two can be so similar that one is fooled. One then enters personal information to log in, and the username and password are stored in the attacker's database. Phishing is one of the social engineering methods used for deceiving users, and the current state of web security is greatly spoiled by this attack. A great many phishing incidents have been reported, and the measures against this attack include training, technical security steps, legislation and public awareness. This is a continuous threat that grows day by day. On the very famous social media websites such as Twitter and Facebook, the risk has become very high. Many hackers now use those websites to launch attacks on users, so a user can become the target of these attacks no matter where he is. The worst thing about this technique is that it projects trust. It does so easily, since one cannot know whether the website being shown is real or not. When this happens, the hacker gets the chance to access personal information such as usernames, credit card numbers, security codes and passwords. The name may remind one of the word fishing, and that makes sense, since the word was derived from fishing.
Principles (reasons for effectiveness)
Authority
The attacks can ensure that authority is taken from the user and passes into the attacker's hands. In some cases the authority is not snatched from the user, and the attacker simply borrows it until he has finished transferring the data or the money.
There are several levels of intimidation involved. In the impersonator's case, the attack is carried out by making the victim believe that the attacker is a good and authentic person, so that trust is developed. The same is done in phishing, where a fake website is created to resemble the original one so that the victim is easily deceived.
One may not be able to find any social proof of who carried out the attack or where the data has gone. Hence the data can easily be stolen without leaving any social trace.
Some attacks, like the virus hoax, are not that common, so people do not know about them. Hence they do not prepare themselves for such attacks, and there are many people who do not even know what a phishing attack is. Their lack of knowledge is what leads hackers into their files, and the result is data loss.
The hacking in these cases is quick. Many attacks lure people in with offers that will end soon, so users fall into the trap of urgency and do not stop to notice the minor differences that could save them from being deceived.
Another important factor that can help someone escape an attack is familiarity. If someone is being attacked and does not even realize it is an attack because he is not familiar with the terms and the methods, he can certainly be trapped and lose his data to the hackers.
A bad thing about these attacks is that they sometimes project trust. In phishing, they act as if the website shown is the real one, and one may not find any difference. In the case of a hoax, the warnings come and go, and one thinks they are normal. The victim can thus develop a great deal of trust, and this can lead to the success of the attack.
Hence, there are many social engineering tools that attackers can use. One should be aware of them all and prepare oneself to recognize them. It may be difficult to know whether an attack is under way, but someone who is familiar with the attacks can easily avoid them and secure his data.