Social Engineering : Hacking the human mind
Social Engineering is a term that has been popular amongst hackers for more than 30 years now. It can also be seen as the art of hacking the human brain using flaws in human psychology.
So what is Social Engineering?
Social Engineering is basically the psychological manipulation of the human mind to get people to divulge confidential information. In simple terms, it relies on human interaction and is used to trick the other person into breaking security procedures.
A social engineer has to run a “con game”. For example, a hacker using social engineering to hack into a telecom network might try to gain the confidence of authorised personnel and get them to spill out info about the network’s security. Social engineers exploit weaknesses in human psychology (like the helpful human nature) to get their job done.
Here, Apple customer support was tricked using social engineering.
It is generally always needed in a successful hack. For example, if you want to hack someone’s Facebook account using a phishing page, you will first make him believe that the page is real. So, using social engineering techniques, you can simply make him believe that the link is from Facebook’s customer service or something similar.
Kevin Mitnick was popular for his social engineering tricks, by which he broke into various computer networks, and he was on the FBI’s most wanted list for 2 years!
Or, if you want to get a keylogger onto someone’s PC, you can make him/her believe you are the system maintenance person and drop in the keylogger. Appeal to vanity, appeal to authority, appeal to greed, and old-fashioned eavesdropping are other typical social engineering techniques.
Common Social Engineering Tricks :
1. Tailgating : For example, following an authorised person who has the key; as a common courtesy, he will hold the door open for you.
2. Pretext Calling : Phone calls to obtain sensitive information.
3. Staff impersonation
5. Baiting : Trojan horse technique