
Top 10 Social Engineering Tactics

Learn more about Social Engineering. 
The easiest way to describe social engineering is to compare it to a con artist, or even P.T. Barnum himself. In truth, the quote, "There's a sucker born every minute," might as well be gospel to a typical social engineer. More to the point, social engineering is a process wherein someone uses influence, deception, and persuasion to get information that would otherwise be unavailable to them (which is also known as fraud). At any rate, here are the top ten social engineering tactics people use to gain access to most anything man-made in the world.

 
1. Alcohol: It's a scarily effective way to get the information you want out of a so-called security expert or corporate executive. It's not just the hard drinks that do people in, though; it's a combination of their lowered guards, their inebriation, and the ambiance of the bar that compels them to spill the beans and disclose information they normally wouldn't share.
 
2. Sex: You really don't need fancy cracking programs, hacking devices, and whatnot to steal the information you need. Before the concept of firewalls was even formulated, sex (or at the very least, sex appeal) had been used to manipulate targets into divulging their personal secrets (pillow talk, if you will), which may include work-related data.
 
3. Neuro-Linguistic Programming: A social engineer should be an expert at manipulating the human mind. Ergo, understanding NLP (neuro-linguistic programming) is a must. When done right, NLP allows a social engineer to subtly use a careful choice of words and his body language in order to earn the confidence of an intended mark. Understanding behavior profiling and personality styles will make this technique even more effective as well.
 
4. Social Networks: If manipulating people through human psychology techniques just isn't your thing, then perhaps a little bit of social network research is in order. Sites like MySpace and Facebook are a social engineer's paradise because they are a virtual treasure trove of personal and corporate information. If you want, you can even connect to the people behind these accounts to partly earn their trust. Swindlers nowadays are spoiled by innovations such as the Internet.
 
5. Vishing: There's phishing, and then there's vishing. In simplified terms, vishing is the phone equivalent of a phishing attack. A visher basically uses the anonymity afforded by a phone call to pretend to be a representative of a target's financial institution. By manipulating a victim into entering his PIN, credit card number, and so on using the phone keypad, a visher can get instant access to another person's bank credentials.
 
6. Whaling: This phishing variation involves stalking high-profile targets using both traditional phishing techniques and some Internet-based investigative methods (because anyone who's important enough to be, say, a junior executive of a company should have a significant online presence one way or the other).
 
7. Phishing: Yes, the traditional phishing scam is a social engineering tactic as well. After all, convincing users that you're a legitimate representative of their bank so that they'll click your link to your spoofed site requires a lot of convincing power as well as technical know-how.
 
8. Techie Talk: So you're not a psychology graduate and you lack the charm of a traditional con artist; does that mean you don't have what it takes to be a social engineer? That's not necessarily the case for those who have a tech support background. Techie talk enables you to use your victim's lack of technology knowledge against him so that you can literally trick him into doing anything with his computer by "walking" him through the entire "process".
 
9. Piggybacking: This is a simple process of appearing behind a legitimate employee in order to walk into a secure building. For example, you can pretend to hold an important package so that you can ask an actual employee with access to the office to "help" you get the door.
 
10. Reverse Social Engineering: This method involves three steps: sabotage, advertising, and assisting. The first step involves the sabotage of a targeted network by any means necessary. The second step involves advertising your services to the network owners you sabotaged in the first place. The last step involves actual assistance, which will allow you access to your victims' databases and corporate information.
 
This modern-day equivalent of the age-old scam is particularly troubling to even the most secure data centers in the world because the so-called "human factor" remains the weakest and most vulnerable point of any given security system—and it has always been this way since time immemorial. Once you've tricked a person into handing you permission to access a network, all security measures are rendered null and void.
 
Never give your password or bank credentials over the phone.
Never give your password or bank credentials over email.