Social engineering. Hacking of the human mind

21.05.18 at 13:31

Let's be frank: social engineering is about hacking methods, the very hacker attacks against which the security departments of the largest companies are trying to build a powerful defense. It's not just about computer security: using social networks or a phone, a hacker can get any data.

The methods of "classic" hacking change along with security systems, but no matter how powerful a system you build, there will always remain a weak link: the human brain.

A "social engineer's" attack can be illustrated by a classic fraud scheme.

An attacker calls the victim. Introducing himself as a bank employee, he says that the security level of the victim's Internet banking needs to be checked, and asks for the login and password, and then for the SMS code that arrives right after the victim has given the password and login. The attacker thanks the victim and hangs up. After a while, the victim logs in to the Internet bank or tries to withdraw money from the card and discovers that it has disappeared. At the bank they throw up their hands, and the fraud is reported to the police.

All a fraudster needs in order to find out your details and get access to your accounts is to name the bank where you hold your card and play on trust. People get caught in this trap whether or not they use Internet banking.

Catching on live bait

While wide publicity of the fraud scheme will save potential victims in the case described above, the methods used to penetrate organizations' databases are much more difficult to fight. No matter how carefully you protect your data, employees can let you down. And not only employees: managers become victims too.

The hacker does not have to take any action. It's enough to place traps and wait for the victim. A typical example is fake technical support.

Having looked into the reception area of a large firm's office and waited for the employee to leave, the hacker puts up a sticker with the number of a technical support service that allegedly works with the company. The sticker can even go on the employee's computer. No one will pay attention to a new sticker if there are a lot of them, and nobody will suspect the deception, especially if several people work at the computer.

When the computer has problems, the employee will call the fake technical support number from the sticker. The hacker will find out the information he needs. Of course, an ordinary employee is unlikely to give access to the company's accounts, but the attacker will receive his piece of data, which means he will be able to move on to the next stage.

All a hacker needs is a few seconds to put up a sticker.

Classic phishing

Simple spoofing of the site or page address, and the hacker has the victim's login and password at his disposal. Creating phishing sites is not just easy, but very simple: just copy the design and "pull" it onto any suitable CMS. All that remains is to spread the link. Users rarely look at the address of the page and do not notice the substitution of one or two letters. Once they are on a phishing site, they calmly enter their data.

Phishing techniques are used both for corporate network intrusion and for hacking accounts in social networks. "Why hack into an account if access to it is simply restored?" ordinary users will ask. And they will be wrong. Having gained access, the scammer will start writing to the user's friends and asking to borrow money.

How to fight social engineering?

Social engineering methods should be known not only to computer security specialists. Users of sites and employees of the company need to be told about the most common methods that hackers can use, and trainings need to be conducted. This is the only way to protect data from theft.

In addition, other methods can be used. In companies, the following can work:

  • a clear separation of levels of access to information;
  • communicating through messengers with video chat;
  • transfer of important data only within the corporate network or portal;
  • keeping the computers of employees engaged in important work as far away from visitors as possible.

Alas, neither technical measures, nor rules, nor constant trainings will make it possible to protect data from social engineering attacks. Any system, even the most secure one (and not only a computer system), can be hacked; the only question is time and price.

Attention! Our company does not recommend illegal activities and calls for compliance with established laws.
