Seven Deadly Sins of Social Engineering
What is Social Engineering?

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information for the attacker. Social engineering is exploiting flaws in human beings, making the victim do things that they wouldn’t otherwise have done. Social engineering is an attack vector, a means to an end; it is not the goal but a way to get there. Humans are the soft center within the hard shells of all modern security systems. Cracking the humans is often a lot easier than cracking these systems.

There are weaknesses in every system and humans are no exception. So let’s take a look at a few of our behaviors and tendencies that leave us open. Hold on to your faith in humanity, it’s about to be tested.

What are the Weaknesses?

1 Greed
One of the most commonly exploited human weaknesses in social engineering is greed: offer people something they want. Greed is a weakness that makes us all vulnerable. If you were thinking these types of attacks don’t happen anymore, think again. Each year, hundreds of millions of phishing emails are sent out. Of course, they are only successful against victims who are quite gullible, but the numbers are on the attacker’s side. Only one out of hundreds or thousands of victims needs to comply and the attacker’s endeavor can turn out to be quite profitable.

2 Fear
Another weakness is fear. Fear can take on many forms. Fear can be a powerful tool and wreak havoc in the hands of a malicious attacker.

3 Urgency
Setting a time limit on the threat puts it into very real terms from the point of view of the victim. If they truly believe that they must obey now, they may not act rationally and give in to the demands that they otherwise wouldn’t have. It isn’t just hackers though, the sense of urgency is actively exploited by companies and marketers to make you buy something. You’ve probably seen advertisements trying to exploit this vulnerability:

“Offer valid only for the next 24 hours!”
“Call now to get a 20% discount!”

Make no mistake, this is just as much social engineering as the above examples. Exploiting urgency can often multiply the chances of making the victim do something that they wouldn’t have done otherwise.

4 Curiosity
The most obvious example of exploiting our curiosity is clickbait. You’ve definitely seen titles such as these:

Top 5 things YOU NEED TO KNOW about hacking etc.
You won’t believe what happened next!!

They’re not trying to be factually correct, they’re not even attempting to provide you any value. They have one goal, do whatever it takes to get you to click. And if the front page of websites like BuzzFeed or even YouTube is any indication, the effectiveness of clickbait is astounding. And this makes our curiosity one of the most exploited human traits of all.

5 Sympathy
We might not think of sympathy as a weakness, but even when we’re at our most humble and kind, there are those who will try to exploit it.

6 Respect for Authority
Your TV stops working. You call the TV guy. In a while, a person that looks like a TV guy shows up at your door. How often do people check their TV guy’s identification? When a person looks and acts in a specific manner, we automatically begin to form expectations, an image in our minds based on our past experiences.

7 Inattention
Nearly all social engineering attacks can be defended against if only we remain constantly vigilant. Every single attack above relies on you not looking too closely at something, like the URL in a phishing attack. Even real-life scams and frauds count on you being ill-informed, inattentive and gullible.

Your browser might warn you if a website looks malicious, your email service might smartly put the most obvious attacks in your spam folder, but in the end, you stand alone.
It is up to you to learn how to better protect yourself against whatever the internet (and beyond) can throw at you.

So these were the seven deadly sins of social engineering. By being aware of your weakness, you’ll be better able to defend yourself against all kinds of social engineering attacks. - InternetProxy