Five typical Social engineering tactics
-Clearly, the internet has become an amazing expansion of our world. however, with such new advances that have taken place currently, people can do more good, or bad; that ever before. unlikely there are those who have chosen to do harm and they quickly learn how to take over companies by using the internet. while amateur hackers tend to take over company information through malware, these hackers use their charm and investigation skills to get company information from employees, these tactics are all part of a tremendous attack known as social engineering Social engineering is the non-technical cracking of information security (IS). It applies deception for the sole purpose of gathering information, fraud or system access.
Phishing is a common social engineering technique; the idea is obtaining pieces of information by trying to seem legitimate and creating fake sites that are clones of legitimate sites to recover passwords and other personal information, For example, a phisher may send an email to addresses at a target company asking a user to verify security information. The email is made to appear legitimate and from the IT staff or senior management, along with a warning for major consequences if the required information is not provided. They take the information that they know about you and use it to manipulate you into trusting them.
Pretexting This system works by generating a sense of trust between the victim and the attacker to acquire the company information they usually start by a conversation over the phone after digging your social media and learn more about you. the social engineer begins to commune with the front lines people such as sales staff and receptionist. the SE uses the information found online to their advantage.
Dumpster diving it's literally digging into the organization garbage for information that can be used to access a company's network. Companies often discard sensitive information, including system manuals, which intruders use to access information systems. In some cases, un-erased and complete hard drives with extremely sensitive information are discarded, allowing a dumpster diver to easily boot up and obtain information.
Quid Pro Quo it is all about creating a sense that both you and the person contracting you will benefit from your interaction it allows the hacker to disguise under a companies name they could have easily recreated.
Tailgating is the practice of the following someone into the protected facility without the need of showing any form of identity.they have more chances in tailgating if they ever encountered with someone and started a conversation within the company. To sum up, the best way to protect your company is to instruct employees about keeping the companies information hidden and safe.
