Top 10 Social Engineering Tactics

Learn more about Social Engineering. 
The easiest way to describe social engineering is to compare it to the work of a con artist, or even P.T. Barnum himself. In truth, the quote, "There's a sucker born every minute," might as well be gospel to a typical social engineer. More to the point, social engineering is a process wherein someone uses influence, deception, and persuasion to get information that would otherwise be unavailable to them (which is also known as fraud). At any rate, here are the top ten social engineering tactics people use to gain access to almost anything man-made in the world.
 
1. Alcohol: It's a scarily effective way to get the information you want out of a so-called security expert or corporate executive. It's not just the hard drinks that do people in, though; it's a combination of their lowered guards, their inebriation, and the ambiance of the bar that compels them to spill the beans and disclose information they normally wouldn't share.
 
2. Sex: You really don't need fancy cracking programs, hacking devices, and whatnot to steal the information you need. Since before the concept of firewalls was even formulated, sex (or at the very least, sex appeal) has been used to manipulate targets into divulging their personal secrets to you (pillow talk, if you will), which may include work-related data.
 
3. Neuro-Linguistic Programming: A social engineer should be an expert at manipulating the human mind. Ergo, understanding NLP (neuro-linguistic programming) is a must. When done right, NLP allows a social engineer to subtly use a careful choice of words and his body language in order to earn the confidence of an intended mark. Understanding behavior profiling and personality styles will make this technique even more effective.
 
4. Social Networks: If manipulating people through human psychology techniques just isn't your thing, then perhaps a little bit of social network research is in order. Sites like MySpace and Facebook are a social engineer's paradise because they're a virtual treasure trove of personal and corporate information. If you want, you can even connect to the people behind these accounts to partly earn their trust. Swindlers nowadays are spoiled by innovations such as the Internet.
 
5. Vishing: There's phishing, and then there's vishing. In simplified terms, vishing is the phone equivalent of a phishing attack. A visher basically uses the anonymity afforded by a phone call to pretend to be a representative of a target's financial institution. By manipulating a victim into entering his PIN, credit card number, and so on using the phone keypad, a visher can get instant access to another person's bank credentials.
 
6. Whaling: This phishing variation involves stalking high-profile targets using both traditional phishing techniques and some Internet-based investigative methods (because anyone who's important enough to be, say, a junior executive of a company should have a significant online presence one way or the other).
 
7. Phishing: Yes, the traditional phishing scam is also a social engineering tactic. After all, convincing users that you're a legitimate representative of their bank so that they'll click your link to your spoofed site requires a lot of convincing power as well as technical know-how.
 
8. Techie Talk: So you're not a psychology graduate and you lack the charm of a traditional con artist; does that mean you don't have what it takes to be a social engineer? That's not necessarily the case for those who have a tech support background. Techie talk enables you to use your victim's lack of technology knowledge against him so that you can literally trick him into doing anything with his computer by "walking" him through the entire "process".
 
9. Piggybacking: This is a simple process of appearing behind a legitimate employee in order to walk into a secure building. For example, you can pretend to hold an important package so that you can ask an actual employee with access to the office to "help" you get the door.
 
10. Reverse Social Engineering: This method involves three steps: sabotage, advertising, and assisting. The first step involves the sabotage of a targeted network by any means necessary. The second step involves advertising your services to the network owners you sabotaged in the first place. The last step involves actual assistance, which will allow you access to your victims' databases and corporate information.
 
This modern-day equivalent of the age-old scam is particularly troubling to even the most secure data centers in the world because the so-called "human factor" remains the weakest and most vulnerable point of any given security system, and it has always been this way since time immemorial. Once you've tricked a person into handing you permission to access a network, all security measures are rendered null and void.
 
Never give your password or bank credentials over the phone.
Never give your password or bank credentials over email.
© Copyright 1999-2012: SecPoint®