Human-based social engineering


In human-based social engineering attacks, the social engineer interacts directly with the target to get information.

An example of this type of attack would be where the attacker, having gathered the user's information from a social networking site of the XYZ company, calls the database administrator and asks to reset the password for the target's account from a remote location.

Human-based social engineering can be categorized as follows: 

•  Piggybacking: In this type of attack, the attacker tricks authorized personnel in order to get inside a restricted area of the targeted company, such as the server room. For example, attacker X enters the ABC company as a candidate for an interview but later enters a restricted area by tricking an authorized person, claiming that he is a new employee of the company and so doesn't have an employee ID, and using the target's ID card.

•  Impersonating: In this type of attack, a social engineer pretends to be a valid employee of the organization and gains physical access. In the real world, this can be carried out by wearing a suit or a duplicate company ID. Once inside the premises, the social engineer can gain valuable information from a desktop computer.

•  Eavesdropping: This is the unauthorized listening to communication between two people or the reading of private messages. It can be performed over communication channels such as telephone lines and e-mail.

•  Reverse social engineering: This is when the attacker creates a persona that appears to be in a position of authority. In such a situation, the target will ask for the information that they want. Reverse social engineering attacks usually occur in areas of marketing and technical support.

•  Dumpster diving: Dumpster diving involves looking in the trash can for information written on pieces of paper or computer printouts. The hacker can often find passwords, filenames, or other pieces of confidential information in trash cans.

•  Posing as a legitimate end user: In this type of attack, the social engineer assumes the identity of a legitimate user and tries to get the information, for example, by calling the helpdesk and saying, “Hi, I am Mary from the X department. I do not remember my account password; can you help me out?”


NOTE: This is for educational purposes only; we are not responsible for any type of inconvenience caused by the reader.
                               
