Footprinting through Social Engineering


Social engineering is the art of obtaining information from people by exploiting their weaknesses. It is a non-technical approach in which an attacker deliberately induces a victim to provide confidential information.

The goal of social engineering is to get the necessary confidential information and then use that information maliciously. Information that may be obtained through social engineering includes credit card information, social security numbers, usernames and passwords, other personal information, security products in use, OS and software versions, IP addresses, server names, network layout information, and so on.

Social engineering can be performed in many ways, such as eavesdropping, shoulder surfing, dumpster diving, impersonation, tailgating, third-party authorization, piggybacking, reverse social engineering, and so on.

Eavesdropping

Eavesdropping is the act of secretly listening in on people's phone or video conference discussions without their consent. It also includes reading sensitive messages from communication media such as instant messaging. The attacker obtains information by listening in on phone calls or intercepting audio or written correspondence.

Shoulder Surfing

Shoulder surfing is a technique used by attackers to gather important information by discreetly observing the victim. Standing behind the victim, the attacker watches what the victim does on their device, such as the keystrokes made when entering usernames, passwords, security codes, account numbers, credit card information, personal identification numbers, and similar data.

Dumpster Diving

This unsavoury approach, often known as trashing, involves the attacker digging through garbage cans for information. By searching the target company's trash bins, printer waste bins, and sticky notes at users' desks, the attacker may obtain phone bills, contact information, financial information, operations-related information, printouts of source code, printouts of sensitive information, and other such data. The attacker may also be able to obtain account information from ATM trash bins.

Impersonation

Impersonation is a technique in which an attacker pretends to be a real or authorised person. The attacker could pose as a courier or delivery person, caretaker, businessman, customer, technician, or even a guest. An attacker uses this strategy to collect sensitive information by scanning terminals for passwords, searching critical documents on desks, digging through dumpsters, and so on. The attacker may even attempt to overhear confidential conversations and "shoulder surf" for sensitive information.
