The art of obtaining information from people by exploiting their weaknesses is
called social engineering. Social engineering is a non-technical
technique in which an attacker knowingly induces a victim to provide
confidential information.
The goal of social engineering is to get the necessary confidential
information and then utilise that information maliciously. Credit card
information, social security numbers, usernames and passwords, other personal
information, security products in use, OS and software versions, IP addresses,
server names, network layout information, and so on may be obtained using
social engineering.
Social engineering can be performed in many ways, such as eavesdropping,
shoulder surfing, dumpster diving, impersonation, tailgating, third-party
authorization, piggybacking, reverse social engineering and so on.
Eavesdropping
Eavesdropping is the act of secretly listening in on people's phones or
video conference discussions without their consent. Reading sensitive
messages from communication media such as instant messaging is also
included. The attacker obtains information by listening in on phone calls or
intercepting audio or written correspondence.
Shoulder Surfing
Shoulder surfing is a technique used by attackers to gather important
information by discreetly observing the victim. Standing behind the
victim, an attacker watches what the victim does on a device, such as the
keystrokes used to enter usernames, passwords, security codes, account
numbers, credit card information, personal identification numbers, and
similar data.
Dumpster Diving
This unsavoury approach, often known as trashing, involves the attacker
digging through garbage cans for information. By searching the target
company's trash bins, printer waste bins, and sticky notes at users'
desks, the attacker may obtain phone bills, contact information,
financial information, operations-related information, printouts of
source code, printouts of sensitive information, and other such data.
The attacker may also potentially obtain account information from ATM
trash bins.
Impersonation
Impersonation is a technique in which an attacker impersonates a real or
authorised person. The attacker could pose as a courier/delivery person,
caretaker, businessman, customer, technician, or even a guest. An attacker
uses this strategy to collect sensitive information by scanning terminals
for passwords, searching critical documents on desks, digging through
dumpsters, and so on. The attacker may even attempt to overhear confidential
conversations and "shoulder surf" for sensitive information.