As technology advances in today’s world, it’s getting hard for people to penetrate a system without first exploiting human behavior. As Terry Pratchett said, “They say a little knowledge is a dangerous thing, but it’s not one half so bad as a lot of ignorance.” Today we’ll take a look at social engineering, which involves convincing people to perform actions they would not normally do.
Different Types of Social Engineering
There are many types of social engineering attacks, but they can be broadly split into physical social engineering, when the attacker attempts to gain physical access to a sensitive office or location, and remote social engineering, when the attacker attempts to gain access to information or resources remotely, for example, over the phone or via email. Some social engineering attacks combine the two; for example, a physical breach may follow a series of remote social engineering attempts. Often social engineering is combined with a technical attack such as the one we spoke about earlier on here, making for an extremely effective and dangerous assault. Today we explain 2 types of social engineering attacks that are usually reflected in the various social engineering attacks.
Physical Social Engineering
In a physical social engineering attack, the social engineer attempts to gain access to a physical location. He may do this via various methods, including:
- Impersonation or false pretenses, for example, pretending to be a member of staff or a third party who has authorized access to the location
- Tailgating (following someone through an entrance without the person knowing) or piggybacking (following someone through an entrance with that person’s knowledge or permission)
- Taking advantage of weaknesses in the physical security system, for example, disabling the CCTV systems so security guards can’t see the breach as it is happening, or bypassing a fingerprint scanner using various methods
Dumpster diving involves going through the dumpsters or trash cans of the target organization to discover potentially sensitive information or information that can be used to further an attack. This can be anything from printed-out snippets of code to discarded computers or electronic media. Dumpsters, both internal and external, provide rich pickings for social engineers, so it is important to discard sensitive information appropriately.
That’s it for now!
8 GB Technologies