Friday, 25 October 2013

Social Engineering


Today I discovered what social engineering is.
Social engineering, in the context of Information Security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.
This is a type of confidence trick for the purpose of information gathering, fraud, or gaining computer system access. It differs from traditional cons in that often the attack is a mere step in a more complex fraud scheme.
"Social engineering" as an act of psychological manipulation had previously been associated with the social sciences, but its usage has caught on among computer and information security professionals.

Techniques and terms
All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create attack techniques, some of which are listed here:

Pretexting
Pretexting (adj. pretextual), also known in the UK as blagging or bohoing, is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. An elaborate lie, it most often involves some prior research or setup and the use of this information for impersonation (e.g., date of birth, Social Security number, last bill amount) to establish legitimacy in the mind of the target.

This technique can be used to fool a business into disclosing customer information as well as by private investigators to obtain telephone records, utility records, banking records and other information directly from company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager, e.g., to make account changes, get specific balances, etc.
Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, clergy, insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases, all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one's feet to create a pretextual scenario.

Diversion theft
Diversion theft, also known as the "Corner Game" or "Round the Corner Game", originated in the East End of London.
In summary, diversion theft is a "con" exercised by professional thieves, normally against a transport or courier company. The objective is to persuade the persons responsible for a legitimate delivery that the consignment is requested elsewhere; hence, "round the corner".
So it all depends on you to always verify the source of any request asking for your confidential details, so that you do not fall victim.
Get the best out of your day.
