Skip to main content

Human-based social engineering


In human-based social engineering  attacks, the social  engineer interacts directly   with the target to get information.

An example of this type of attack would be where the attacker calls the database administrator asking to reset the password for the targets account from a remote location by gathering the user information from any remote social networking site   of the XYZ company.

Human-based social engineering can be categorized as follows: 

•  Piggybacking: In this type of  attack the  attacker takes advantage by tricking authorized personnel to get inside a restricted area of the targeted company, such as the server room. For example, attacker X enters the ABC company as a candidate for an interview but later  enters a restricted area by tricking an authorized person, claiming that  he is a new employee of the company and so doesn't have an employee ID, and using the targets ID card. 

•  Impersonating: In this type of  attack, a social engineer pretends to be a valid employee of the organization and gains physical access. This can be perfectly carried out in the real world by  wearing a suit or duplicate ID for the company. Once inside the premises, the social engineer can gain valuable information from a desktop computer. 

•  Eavesdropping: This is the  unauthorized listening to of communication between two people or the  reading of private messages. It can be performed using communication channels such as telephone lines and e-mails. 

•  Reverse social engineering: This  is when the attacker creates a persona that appears to be in a position of  authority. In such a situation, the target will ask for the information that they want.  Reverse engineering attacks usually occur in areas of marketing and technical support. 

•  Dumpster diving: Dumpster diving involves looking in the trash can for information written on pieces of  paper or computer printouts. The hacker   can often find passwords, filenames,  or other pieces of confidential information in trash cans. 

•  Posing as a legitimate end user: In this type of attack, the social engineer assumes the identity of a legitimate  user and tries to get the information, for example, calling the helpdesk and saying, "Hi, I am Mary from the X department. I do not remember my account password; can you help me out?"

Related Posts :- 
social engineering toolkit
Computer-based social engineering

Like us on Facebook :- Grey Hat Hackers

NOTE: This is for educational purpose only we are not responsible for any type of inconvenience caused by reader.
                               

Comments

  1. This is very educational content and written well for a change. It's nice to see that some people still understand how to write a quality post!

    ReplyDelete

Post a Comment

Popular posts from this blog

Social Engineering Toolkit (SET)

Social Engineering Toolkit  (SET) is an advanced,  multifunctional, and easy-to-use computer-assisted social engineering toolset, created by the founders of  TrustedSec (https://www.trustedsec.com/). It helps you prepare the most effective way to exploit client-side application vulnerabilities and makes a fascinating attempt to capture the target's confidential information (for example, e-mail passwords). Some of the most efficient and useful attack methods employed by SET include targeted phishing e-mails with a malicious file attachment, Java applet attacks, browser-based exploitation, gathering website credentials, creating infectious portable media (USB/ DVD/CD), mass-mailer attacks, and other similar multiattack web vectors. This combination of attack methods provides you with a powerful platform to utilize and select the most persuasive technique that could perform an advanced attack against the human element.

 To start SET, navigate to  Applications  |  Kali Linux  |  Expl…

Cracking Wifi Using :Fern(GUI)

Fern(GUI)

As a part of Kali linux , fern can be directly used from kali linux , i would be recommending the use of kali because while using other linux environments it could be a trouble because while using fern it automatically detects the path of aircrack-ng and python installed , while in other environments it is needed to set it manually...so follow the following steps :-->

1.) Download kali linux iso and make a bootable pendrive .....if you dont know how to make bootable pendrive  then follow the steps given in blog of trinity rescue kit

Kali linux iso (amd64) recommended -->here
Link to trinity rescue kit blog --> here


 2.)Open Kali linux Goto Applications-->Wireless Attack--> Fern

3.)Select Interface card wlan0

4.)Double click any where in GUI

5.)Select enable x-terms ...so that you can view that happening ...while through a automated program...

6.)Click on select network

7.)Choose the type of network that is WEP/WPA

8.)I would recommend to add dictonary file ..…

Deep Web - Part 1

What is deep web ?

Deep web Aka Invisible web Aka Hidden web are parts of the world wide web whose contents are not indexed by standard search engines.
LEVELS OF WORLD WIDE WEB :
SURFACE WEBBERGIE WEBDEEP WEBCHARTER WEBMARIANAS WEB SURFACE WEB :
The surface web also known as Visible web , Clearnet , Indexed web or Lightnet is that portion of the world wide web that is readily available to the general public and searchable with standard web search engines. Level of web where vast majority of internet users are connected to and which is accessible in any nation that does not block internet access.E.g: Social media sites like Facebook, informational websites like Wikipedia, general websites, etc

BERGIE WEB :

It is the part of world wide web that is not indexed by search-engines,which is directly accessible and no proxy required. E.g: Google locked results, recently web crawled old content, pirated media, pornography etc
DEEP WEB:
Deep web Aka Invisible web Aka Hidden web are parts of the wo…