Social Engineering is one of the most basic hacking methods.
Social engineering, in basic, is grabbing information about the target person or institution by using people’s human interactions and their carelessness. Shortly, Social Engineering’s goal is to -quite literally- fool people by using their emotions, inattentiveness and their weaknesses and grab information.
How to do Social Engineering Attacks?
There are a lot of ways for you to perform this. As example:
Making up fake and non-realistic situations.
Convincing people to think that a message is from a reliable source.
A gift or promotion winning attacks.
Going through their trash bin. (Yes, the literal trash bin.)
Getting information from old PC’s or info storage products.
These are all social engineering attacks and we’ll explain some of these to you.
Making up fake and non-realistic situations
These attacks are prepared very professionally and are a huge problem in most of the world for a long time. The damages of these attacks are, sadly, quite big. Stealing credit cards, money frauds in huge amounts, etc. are the examples. Also, if you may remember, even a very famous professor in our country (Turkey) fell for one of these social engineering attacks…
Convincing people to think that a message is from a reliable source
They send messages very similar to messages from banks, companies, police, public prosecutor, facebook, instagram etc. and they make people click on the fake domain and give them their personal information, in the end your information will be stolen. I can hear you saying “How can people be that stupid?” It really doesn’t have to do anything with stupidity, because the domains in those messages look very realistic. As example (kernellblog.org). They add extra letters and numbers so that you won’t really notice unless you pay attention. Though in most cases people just don’t pay attention at all and they click the link and fill in the forms with their personal information.
This is one of the most important social engineering hacks that you must remember.
Trojans are softwares that look harmless but their main intention is to harm you. They usually look like a safe software on an unsafe website. These programs cause security vulnerabilities on your PC and they help illegal log-in’s to your computer and/or the leakage of your information and also can encrypt all of your files. Some of them can even ask for money to encrypting them. As example, there was a trojan called “CryptoLocker” and it asked for money (300$) from all of the PC’s it infected, or else it’d delete all of the files on that computer. In the end, many of the users had to pay that money.
A Gift or Promotion Winning Attacks
In these attacks, the victim believes that they’re going to be in advantage, win money or gifts by doing nothing at all. The victim puts in their personal information without thinking, such as their phone number, or the password to their bank account. This results in people stealing their information, of course.
Going Through Their Trash Bin
Yes, you heard it right. They search through the victim’s trash bin for CD’s USB’s and password information to find something important about them.
Information like torn up and thrown away written passwords or work information which carries strategic importance.
Getting Information from Old PC’s or Info Storage Products
They can also get information from old tablets or notebooks that aren’t used anymore. They can go through the files on it, find the victim’s weaknesses and use it against the victim to get their information.
Don’t forget that the attacking methods are limited to the attacker’s imagination. You may face social engineering attacks that are completely different from the ones we talked about.