Social Engineering Full Guide Explained

How to protect against social engineering attacks

Some hackers who destroy people's lives or entire hard drives are called crackers or vandals.

Other novice hackers or crackers simply download hacker tools and run them without any knowledge.
They are also referred to as script kiddies.

How to protect your organisation from social engineering attacks
It is important to educate your entire staff in the organisation.

Social engineering is also known as people hacking.

Identify all incoming communication channels.

These could be:

  • Emails
  • Phone calls
  • Live chat calls
  • People at the desk
  • Skype

It is important to educate your staff on which information is allowed to be given out.

Malicious black hat attackers might deploy social engineering techniques and simply
call your organisation, pretending to call from a specific company, to obtain sensitive information.
They could claim to be calling from the bank, the internet provider or one of the company's business partners, and in this way try to phish sensitive information.

It is recommended to have a clear policy to never give out sensitive information such as:

  • Merchant ID numbers
  • Passwords
  • Usernames
  • Emails
  • Credit card information
  • Bank account information
  • Any other data sensitive to your organisation

If anyone calls asking for sensitive data, always call back on the official number after it has been verified and their identity has been confirmed.

Another popular technique is for the attacker to call up and ask for non-sensitive data,
simply to build trust. After that they can ask for sensitive data and obtain it more easily.
Be vigilant for anyone calling asking for non-sensitive data.

Common roles a social engineering attacker can play when calling:

  • An author asking for information for a book or movie
  • A support engineer asking for password information to reset the account
  • A technician from the phone company asking for sensitive data
  • A movie director
  • A talent scout
  • Someone calling for a survey
  • A lost employee looking for information
  • Someone who sounds like an insider to the company but asks for quite a lot of information

When an attacker needs to obtain sensitive physical papers or items, they will set up a mail drop.
This is a social engineer's term for renting a mailbox under a fake name.

It is recommended to never give out any personal or internal company information or identifiers to anyone.

The best way to prevent social engineering attacks is to educate employees and make them aware of how to handle non-public information.

Deploying a data policy

It is recommended to implement a policy prohibiting giving out internal phone numbers, emails or other contact information of specific employees, contractors or consultants to any outsider.

Two techniques are often used in social engineering attacks.

The first attack is simply for the social engineer to ask straightforwardly for the sensitive information.
The straightforward attack works more often than anyone would believe.
This could be just calling up and asking for a person's specific phone number.
The more the attacker uses the company's own lingo, the higher the success rate.

The second attack type is to ask more non-sensitive questions first and, once trust is built up, ask for more sensitive information.

One of the more popular tricks for social engineers when calling state organisations or larger corporations is to call as a survey.
They can call pretending they are doing a survey and start by asking low-level questions to gain trust.
When doing a survey, the attacker can sometimes be lucky and bypass the company's standard security checks.

Dumpster diving and paper trail
Many are fooled into believing companies are paperless.
In reality, companies print out large amounts of paper containing sensitive information on a daily basis.

It is recommended for companies to have a policy on shredding all paper with sensitive information before it gets thrown out.
In reality this might not always happen due to human error.
