Social Engineering

In this post I will show you how to do some things that in many situations might be illegal, unethical, a violation of terms of service, or just not a good idea.
I provide this information for education; use it to protect yourself.
Before following these instructions, be sure you are on the right side of the legal and ethical line… use your powers for good!

This post provides an introduction to social engineering attacks and some basic concepts behind them. You will be introduced to the following topics:

 

  • What is social engineering.

  • Why social engineering.

  • The objects of social engineering.

  • Social engineering types and techniques.

  • Social engineering tool.

What is social engineering.

Social engineering is a term that describes a non-technical intrusion that relies heavily on human interaction and often involves tricking other people into breaking normal security procedures. It is also the art of convincing people to reveal confidential information. It depends on the fact that people are unaware of how valuable their information is and are careless about protecting it.

Why social engineering.

Social engineering is very powerful because there is no way to stop this attack: you can’t install antivirus in your mind 🙂.
You should just be careful, don’t make a relationship with anyone, and don’t talk with strangers 🙂. No, seriously, there is no way to stop a social engineering attack. That is what puts this attack at the top of hacking techniques.

 

The objects of social engineering.

 

The object of social engineering is to collect as much information as possible about the target.
The information obtained may include:

  • Credit card details and social security numbers.
  • Usernames and passwords.
  • Other personal information.
  • Security products in use.
  • Operating systems and software versions.
  • Network layout information.
  • IP addresses and names of servers.

Social engineering types and techniques.

In this section, we will see the types of social engineering.
Basically, social engineering is broken down into two types:

  • Human-based.
  • Computer-based.

Human-based Social Engineering

In this type, the attacker interacts directly with the target to get information.
For example:
The attacker calls the database administrator and asks for a password reset on the target account, using information about the target gathered from a social networking site.

Human-based Social Engineering techniques.

Human-based social engineering uses these techniques:

Eavesdropping:

This is the unauthorized listening to communication between two people or the reading of private messages. It can be performed using communication channels such as telephone lines and e-mails.

Shoulder Surfing:

With this technique, an attacker stands behind the victim and secretly observes the victim’s activities on the computer, such as keystrokes while entering usernames, passwords, etc.
This technique is commonly used to gain passwords, PINs, security codes, account numbers, credit card information, and similar data. It can be performed in a crowded place, as it is relatively easy to stand behind the victim without his or her knowledge.

 

Dumpster Diving:

Dumpster diving involves looking in the trash can for
information written on pieces of paper or computer printouts. The hacker
can often find passwords, filenames, or other pieces of confidential
information in trash cans.

 

Posing as a legitimate end user:

In this type of attack, the social engineer
assumes the identity of a legitimate user and tries to get the information,
for example, calling the helpdesk and saying, “Hi, I am Mary from the X
department. I do not remember my account password; can you help me out?”

 

Impersonating:

In this type of attack, a social engineer pretends to be a valid employee of the organization and gains physical access. This can be perfectly carried out in the real world by wearing a suit or a duplicate company ID. Once inside the premises, the social engineer can gain valuable information from a desktop computer.

Social Media:

In this type, attackers gather information through social engineering on social networking websites such as Facebook, LinkedIn, Twitter, Pinterest, etc.
Attackers create a fake profile on social networking sites and then use the false identity to lure employees into giving up their sensitive information.

Computer-based Social Engineering

Computer-based social engineering refers to attacks carried out with the help of computer software to get the desired information.

Computer-based Social Engineering techniques.

Pop-up windows:

Pop-ups trick users into clicking on a hyperlink that redirects them to an attacker’s web page, which asks them to give away their personal information or to download software that could have viruses attached in the backend.

Insider attack:

This type of attack is performed from inside the target
network. Most insider attacks are orchestrated by disgruntled employees
who are not happy with their position in the organization or because they
have personal grudges against another employee or the management.

Phishing:

Spammers often send e-mails in bulk to e-mail accounts, for
example, those claiming to be from the UK lottery department and informing
you that you have won a million pounds. They request you to click on a link
in the e-mail to provide your credit card details or enter information such as
your first name, address, age, and city. Using this method the social engineer
can gather social security numbers and network information.
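
A defender's view of the lottery e-mail described above, as an added example that is not part of the original post: a few heuristics run over one constructed message. The indicator names, the sample message, its `.example` domains and the documentation-range IP address are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message modelled on the lottery lure described above.
SAMPLE = """\
From: "UK Lottery Department" <claims@uk-lottery.example>
Reply-To: winner.desk@freemail.example
Subject: You have won 1,000,000 pounds

<p>Congratulations! You have won a million pounds.</p>
<p>To claim, confirm your credit card details at
<a href="http://203.0.113.7/claim">https://www.uk-lottery.example/claim</a></p>
"""

LURE = re.compile(r"\b(won|winner|lottery|prize)\b", re.I)
ASKS = re.compile(r"credit card|social security|password", re.I)
# Simplified anchor matcher; enough for flat HTML bodies like the sample.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain(header_value):
    """Domain part of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def phishing_indicators(raw):
    """Return the names of the heuristics that fire on one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part message assumed
    found = []
    reply = domain(msg["Reply-To"])
    if reply and reply != domain(msg["From"]):
        found.append("reply-to-domain-differs")
    if LURE.search(f'{msg["Subject"]} {body}'):
        found.append("prize-lure")
    if ASKS.search(body):
        found.append("asks-for-personal-data")
    for href, text in ANCHOR.findall(body):
        if text.strip().startswith("http") and host(text) != host(href):
            found.append("link-text-mismatch")
        if re.fullmatch(r"[\d.]+", host(href)):
            found.append("ip-literal-link")
    return found

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

Each indicator alone is weak evidence; mail filters and awareness training treat several firing together as the signal worth acting on.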

Social engineering attack through a fake SMS:

In this type of attack,
the social engineer will send an SMS to the target claiming to be from
the security department of their bank and also claiming that it is urgent
that the target call the specified number. If the target is not too technically
sound, they will call the specified number and the attacker can get the
desired information.

Social engineering tool.

Social-Engineering Toolkit (SET)

SET is a menu-driven attack system that mainly concentrates on attacking the human element of security. With a wide variety of attacks available, this toolkit is an absolute must-have for penetration testing. You can use this tool with Kali Linux.

Once the user clicks on the SET toolkit, it will open with the options shown in the following screenshot:

[Screenshot: setoolkit]

When you select 1) Social-Engineering Attacks:

[Screenshot: setoolkit]

Actually, you will not need other tools. SET has everything you need, such as cloning websites to use for phishing with the spear-phishing attack vector, creating fake SMS with the SMS spoofing attack vector, spamming with the mass mailer attack, a fake wireless access point for phishing with the wireless access point attack vector, etc.

 

Important: If you still do not understand or you need more information, I provide these books; they really helped me to understand social engineering and helped me to write this post.

  • Social Engineering: The Art of Human Hacking
  • Kali Linux Social Engineering


I hope this post was helpful.
Please write a comment if you like this post.