What is Social Engineering? Can we call it human deception engineering?

Aslıhan Kuzucu
3 min read · Aug 29, 2022

I had questions in my mind about what social engineering is, for what purposes it can be used and how I can improve myself in this regard. These questions led me to start researching, and I thought it would be good to share the information I obtained here.

Let’s first look at the dictionary definition of social engineering.

Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

The name most responsible for making the term social engineering so well known is the world-famous hacker Kevin Mitnick.

Even if you have security systems, secure software, firewalls, physically hard-to-reach offices and armed security guards, it is almost impossible to predict or prevent a social engineering attack.

So how does social engineering work?

In fact, social engineering targets universal human traits, not code. To give an example, these human characteristics are generally curiosity, trust, kindness and susceptibility to manipulation.

What are the types of Social Engineering attacks?

1. Phishing attacks

Phishing attacks usually aim to gain access to sensitive and confidential information such as usernames, passwords, credit card details and network credentials. Cyber attackers use social engineering to masquerade as an ordinary individual or organization over the phone or by email, manipulating victims into performing certain actions, such as clicking on a harmful link or attachment, or into willingly revealing confidential information.

The purpose here is to convince the person receiving the e-mail that there is something in the message that they want or need, such as a request from their bank or an e-mail from a colleague at their company. Besides email, phishing scams also use phone calls and text messages to trick victims into providing sensitive information.
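The two deceptions described above, a sender who pretends to be a trusted organization and a link that looks like it goes somewhere safe, leave traces in the message itself that a mail filter can check. The following is an added example written for this post, not code from the author or any product; the brand allow-list, the domains and the sample message are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real message): the display name claims to be the bank,
# the sending domain is unrelated, and the visible link text shows the real bank
# site while the href points elsewhere.
SAMPLE = """From: "Example Bank Security" <alerts@examp1e-bank-login.test>
Subject: Urgent: verify your account
Content-Type: text/html; charset=utf-8

Your account is locked: <a href="http://examp1e-bank-login.test/verify">https://www.example-bank.test/login</a>
"""

# Brand keyword -> domain the brand legitimately sends from (assumed allow-list).
TRUSTED = {"example bank": "example-bank.test"}
# Crude anchor matcher; enough for simple bodies, a real HTML parser is better.
ANCHOR = re.compile(r'<a\b[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host):
    """Crude eTLD+1 (last two labels); enough for the sample domains."""
    return ".".join(host.lower().split(".")[-2:])

def host_in_text(text):
    """Return a host only if the visible link text itself looks like a URL."""
    host = urlparse(text if "://" in text else "//" + text).hostname or ""
    return host if "." in host and " " not in host else ""

def phishing_indicators(raw, trusted=TRUSTED):
    """Return human-readable findings; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender = registered_domain(addr.rsplit("@", 1)[-1])
    # Indicator 1: the display name borrows a brand the sender domain does not own.
    findings = [f"display name claims '{b}' but sender domain is {sender}"
                for b, legit in trusted.items() if b in display.lower() and sender != legit]
    # Indicator 2: the text the victim reads names one site, the href another.
    body = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR.findall(body.get_content() if body else ""):
        shown, target = host_in_text(text), urlparse(href).hostname or ""
        if shown and registered_domain(shown) != registered_domain(target):
            findings.append(f"link text shows {shown} but points to {target}")
    return findings

if __name__ == "__main__":
    for line in phishing_indicators(SAMPLE):
        print("-", line)
```

Both checks are cheap and explainable to the recipient, which matters because the final decision to click is still a human one.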

2. Whaling

Whaling (literally “whale hunting”) is a type of phishing in which the attacker pretends to be a senior official (a target as big as a whale) of a particular company.

3. Baiting

Baiting is a social engineering technique that exploits human curiosity. What distinguishes baiting from other social engineering techniques is that it approaches the victim with the promise of something good. In the virtual world, for example, the user may be prompted to install a supposed software update. In the real world, the classic example is a USB stick, which arouses curiosity in almost everyone. A social engineer targeting an institution can leave a USB stick in the institution’s garden during the lunch break, hoping that an employee will pick it up and open it on a corporate computer. If that happens, the baiting technique has succeeded.

And finally, I would like to end with the words of Kevin Mitnick.
“Social engineering bypasses all technologies, including firewalls.”

Aslıhan Kuzucu

Curious computer engineering student interested in cyber security👩‍💻