How Do Social Engineering Attacks Occur?

Let's try to understand the concept of social engineering attacks using examples.

Example 1

Be aware that old company files are often thrown into the trash bin as garbage. These files may contain confidential information such as names, phone numbers, account numbers, social security numbers, addresses, etc. Many companies still use carbon paper in fax machines, and when it is used up the carbon may go into the recycle bin with traces of confidential data still on it. Although it may sound unlikely, an attacker can easily retrieve information from company garbage by stealing it.

Example 2

An attacker can befriend a member of company staff and build a good relationship with them over a period of time. This relationship can be established online via social networks and chat rooms, or in person at coffee tables, playgrounds and so on. The attacker gains the trust of the office staff and, in the end, extracts the necessary confidential information without giving any hint of what they are doing.

Example 3

Social engineers can pass themselves off as employees, legitimate users or VIPs, either by faking identity cards or by persuading employees that they work within the company. Such an attacker can acquire physical access to restricted areas, which increases the chance of a successful attack.

Example 4

In most cases an attacker may be close to you and can shoulder-surf while you type sensitive information such as a user ID and password, an account PIN, etc.

Phishing Attack

Phishing attacks are computer-based social engineering in which the attacker crafts an email to make it look legitimate. The mail has the same look and feel as mail from the original site, but it may include a link to a fake site. If you are not smart enough, you will enter your user name and password and try to log in, and the login will fail. At that point, the attacker has your user name and password and can use them to attack your original account.

Quick Fix

1. Enforce a good security strategy within your organization and run the necessary training so that all employees understand social engineering attacks and their consequences.

2. Document shredding must be an essential activity in your company.

3. Confirm that any link you receive by e-mail comes from the correct source and points to the correct site. Otherwise, you may eventually become a victim of a phishing scam.

4. Be professional, and in any case do not share your user ID and password with anyone.
