Social engineering. Hacking of the human mind

21.05.18 at 13:31 Other 15035

Let's be frank: social engineering is about methods of hacking, the very hacker attacks against which the security departments of the largest companies are trying to build a powerful defense. It's not just about computer security: using social networks or a phone, a hacker can get any data.

The methods of "classic" hacking change along with security systems, but no matter how powerful a system you build, there will always remain a weak link: the human brain.

A "social engineer's" attack can be illustrated by a classic fraud scheme.

An attacker calls the victim. Introducing himself as a bank employee, he says that the security level of the victim's Internet banking needs to be checked, and asks for the login and password, and then for the SMS code that arrives right after the victim has given the login and password. The attacker says thank you and hangs up. After a while, the victim logs in to the Internet bank or tries to withdraw money from the card and discovers that the money has disappeared. The bank throws up its hands, and the fraud is reported to the police.

All a fraudster needs in order to find out your details and get access to your accounts is to name the bank where you hold your card and play on trust. Everyone gets caught in this trap, whether or not they use Internet banking.

Catching on live bait

In the case described above, wide publicity of the fraud scheme will save potential victims. The methods used to penetrate organizations' databases are much more difficult to fight. No matter how carefully you protect your data, any employee can let you down. And not only employees: managers become victims too.

The hacker does not have to take any action. It's enough to place traps and wait for the victim. A typical example is false technical support.

Dropping by the reception area in the office of a large firm and waiting for the employee to step away, the hacker puts up a sticker with the number of a technical support service that allegedly works with the company. The sticker can even be on the employee's computer. No one will pay attention to a new sticker if there are already a lot of them, and nobody will suspect deception, especially if several people work at that computer.

When the computer has problems, the employee will call the fake technical support number from the sticker. The hacker will find out the information he needs. Of course, an ordinary employee is unlikely to give access to the company's accounts, but the attacker will get his piece of data, which means he will be able to move on to the next stage.

All the hacker needs is a few seconds to put up a sticker.

Classic phishing

A simple IP spoofing of the site or page address, and the hacker has the victim's login and password at his disposal. Creating a phishing site is not just easy, it is very easy: it is enough to copy the design and "stretch" it over any suitable CMS. All that remains is to spread the link. Users rarely look at the address of the page and do not notice the substitution of one or two letters. Once they are on a phishing site, they calmly enter their data.

Phishing techniques are used both for breaking into corporate networks and for hacking accounts in social networks. "Why hack an account if access to it is easily restored?" ordinary users will ask. And they will be wrong. Having gained access, the scammer will start writing to the user's friends and asking to borrow money.
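A defensive check for the "substitution of one or two letters" described above, as an added example that is not part of the original article: it flags hosts that are within two edits of a trusted domain. The trusted domain list and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list; in practice this would hold the organisation's own domains.
TRUSTED_DOMAINS = {"examplebank.com", "portal.example.org"}


def edit_distance(a: str, b: str) -> int:
    """Edits needed to turn a into b: insert, delete, substitute, swap of neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring letters swapped ("exmaple") count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def hostname_of(url: str) -> str:
    """Lower-cased host without a leading 'www.'; bare hosts are accepted too."""
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(url: str, trusted=TRUSTED_DOMAINS, max_changes: int = 2):
    """Return (verdict, matched trusted domain); verdict is trusted, lookalike or unknown."""
    host = hostname_of(url)
    if host in trusted:
        return "trusted", host
    for domain in sorted(trusted):
        # A small non-zero distance means "almost our domain": the one- or two-letter swap.
        if 0 < edit_distance(host, domain) <= max_changes:
            return "lookalike", domain
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample links, e.g. taken from a mail gateway or proxy log.
    for link in ("https://www.examplebank.com/login", "https://examp1ebank.com/login",
                 "http://exmaplebank.com", "https://news.example.net"):
        print(link, "->", classify(link))
```

With very short trusted domains a threshold of two edits produces false positives, so `max_changes` should be lowered to 1 for them.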

How to fight social engineering?

The methods of social engineering should be known not only to computer security specialists. Site users and company employees need to be told about the most common methods that hackers can use, and trainings need to be held. This is the only way to protect data from theft.

In addition, you can use other methods. Within a company, the following can work:

  • a clear separation of levels of access to information;
  • communicating through messengers with video chat;
  • transfer of important data only within the corporate network or portal;
  • keeping the computers of employees engaged in important work as far from visitors as possible.

Alas, neither technical measures, nor rules, nor constant trainings will make it possible to protect data from attacks by means of social engineering. Any system, even the most secure (and not only a computer system), can be hacked; the only question is time and price.

Attention! Our company does not recommend illegal activities and calls for compliance with established laws.

