Social engineering. Hacking of the human mind

21.05.18 at 13:31 | other | 1018

Let's be frank: social engineering is about hacking methods, the very attacks against which the security departments of the largest companies try to build a powerful defense. And it is not only a matter of computer security: using social networks or a phone, a hacker can obtain any data.

The methods of "classic" hacking evolve along with the security systems they target, but no matter how powerful a system you build, one weak link will always remain: the human brain.

A "social engineer's" attack can be illustrated with a classic fraud scheme.

The attacker calls the victim. Introducing himself as a bank employee, he says that the security level of the victim's Internet banking needs to be checked and asks for the login and password, and then for the SMS code that arrived right after the victim read out the password and login. The attacker says thank you and hangs up. Some time later, the victim logs in to Internet banking or tries to withdraw money from the card and discovers that the money is gone. At the bank they throw up their hands, and the victim reports the fraud to the police.

All a fraudster needs in order to learn your details and gain access to your accounts is to name the bank that issued your card and play on trust. People fall into this trap whether or not they use Internet banking.

Fishing with live bait

In the case described above, potential victims are saved by the wide publicity the fraud scheme has received; the methods used to penetrate organizations' databases are much harder to fight. No matter how carefully you protect your data, any employee can let you down. And not only employees: managers become victims too.

The hacker does not have to take any active steps. It is enough to set traps and wait for the victim. A typical example is fake technical support.

Dropping by the reception of a large company's office and waiting for the employee to step away, the hacker sticks on a label with the phone number of a technical support service that supposedly works with the company. The sticker can even go on the employee's computer. Nobody pays attention to a new sticker when there are already many of them, and nobody suspects a trick, especially if several people share the computer.

When the computer develops a problem, the employee dials the fake support number from the sticker. The hacker then extracts the information he needs. Of course, an ordinary employee is unlikely to hand over access to the company's accounts, but the attacker gets his piece of data, and that means he can move on to the next stage.

All a hacker needs is a few seconds to put up a sticker.

Classic phishing

Simple IP spoofing of the site or page address, and the hacker has the victim's login and password at his disposal. Creating a phishing site is not just easy but trivial: copy the design and "drop" it onto any suitable CMS. All that remains is to distribute the link. Users rarely look at the page address and do not notice when one or two letters have been substituted. Once on the phishing site, they calmly enter their credentials.

Phishing techniques are used both for intrusion into corporate networks and for hijacking accounts on social networks. "Why hack an account if access to it can simply be restored?" ordinary users will ask. And they will be wrong. Having gained access, the scammer starts writing to the user's friends asking to "borrow" money.
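The substitution of one or two letters in a domain name is exactly the kind of thing a proxy or mail gateway can check for on the defender's side. The script below is an added example, not code from the original article or from any product it mentions: it takes a constructed allow-list of trusted domains, folds common look-alike characters (digits for letters, accented letters, punycode) and flags hosts that are identical after folding or within two edits of a trusted name. The domain names, the user names and the log lines are all constructed for the example.

```python
# Added example (not from the original article): flag hostnames in proxy logs that
# look like a trusted domain with one or two characters changed, the kind of
# substitution the article says users overlook. All domains and log lines are constructed.
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list of domains the organization actually uses.
TRUSTED_DOMAINS = {"example-bank.com", "mail.example.com"}

# Illustrative ASCII look-alike pairs; a real deployment uses a fuller confusables table.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance: number of single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Extract the hostname and turn punycode (xn--) labels back into the Unicode a user sees."""
    host = urlsplit(url).hostname or ""
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already contains non-ASCII characters; nothing to decode
    return host.lower()


def fold(host: str) -> str:
    """Strip accents and map common look-alike characters so homoglyph domains compare equal."""
    host = unicodedata.normalize("NFKD", host)
    host = "".join(c for c in host if not unicodedata.combining(c))
    for lookalike, plain in CONFUSABLES.items():
        host = host.replace(lookalike, plain)
    return host


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's host."""
    host = host_of(url)
    if host in TRUSTED_DOMAINS or any(host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    folded = fold(host)
    for trusted in TRUSTED_DOMAINS:
        # Equal after folding, or within two edits, is close enough to be deliberate.
        if folded == fold(trusted) or levenshtein(folded, fold(trusted)) <= 2:
            return "lookalike"
    return "unknown"


def scan_log(lines):
    """Return (user, url) pairs whose host looks like a trusted domain but is not one."""
    alerts = []
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        if classify(fields["url"]) == "lookalike":
            alerts.append((fields["user"], fields["url"]))
    return alerts


# Constructed proxy log lines; the last host is the punycode form of "exämple-bank.com".
PUNYCODE_HOST = "exämple-bank.com".encode("idna").decode("ascii")
LOG_LINES = [
    "2024-01-15T09:12:01Z user=alice url=https://example-bank.com/login",
    "2024-01-15T09:14:22Z user=bob url=https://examp1e-bank.com/login",
    "2024-01-15T09:15:03Z user=carol url=https://mail.example.com/inbox",
    "2024-01-15T09:16:40Z user=dave url=https://www.google.com/",
    "2024-01-15T09:18:11Z user=erin url=https://" + PUNYCODE_HOST + "/",
]

if __name__ == "__main__":
    for user, url in scan_log(LOG_LINES):
        print(f"ALERT user={user} visited look-alike domain {host_of(url)} ({url})")
```

Running the script prints two alerts, for bob (digit 1 in place of the letter l) and erin (accented letter hidden behind punycode); alice and carol hit real domains and dave hits an unrelated one. An edit distance of two is noisy for very short domain names, so in practice the comparison is done on the registrable domain, the confusables table is taken from a maintained source, and the result is raised as an alert for review rather than used to block traffic outright.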

How to fight social engineering?

Social engineering methods should be known not only to computer security specialists. Site users and company employees need to be told about the most common techniques hackers use, and training sessions need to be held. This is the only way to protect data from theft.

In addition, other measures can be applied. Within a company these can include:

  • a clear separation of access levels to information;
  • communicating through messengers with video chat;
  • transfer of important data only within the corporate network or portal;
  • keeping the computers of employees engaged in important work as far away from visitors as possible.

Alas, neither technical means, nor rules, nor constant training will fully protect data from social engineering attacks. Any system, even the most secure one (and not only a computer system), can be hacked; the only question is time and price.

Attention! Our company does not recommend illegal activities and calls for compliance with the established laws.
