Social engineering can be defined as a collection of techniques used to manipulate people into performing actions or revealing confidential information, or to gain unauthorized access to a system, or to obtain information through deception, snooping on the network, spying on the production line, impersonation, or disabling the system or network. It is similar to a confidence trick; the term typically applies to trickery for information gathering or computer system access.
We are living in the Internet world, and we hear daily about viruses and hackers. After reading several questionnaires answered by businessmen and businesswomen and by people who work in government about what their biggest problem is, we know that the biggest problem they have is social engineers penetrating their systems and stealing important information from them when they use technology for everyday business such as purchasing tickets and shopping online.
We all install antivirus and anti-spyware software, but our systems are still attacked by hackers or infected by viruses and worms, and that affects businesses to a great extent.
In general, social engineering can be defined as the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques.
What is social engineering?
Social engineering, the art of arts, is the ability to access the systems of companies and governments, or the important data of people and of businessmen and businesswomen, and then steal it. It depends on humans, who are called social engineers.
Social engineering is also described as penetrating minds, through tactics that can steal information from others without their noticing.
History of social engineering:
Social engineering dates back to the time when man began lying to his wife, telling her an engineered account in order to get the answer that suited him.
After World War II, social engineering evolved and came to be used in intelligence.
Social engineering then spread, and Kevin Mitnick was the first to become popularly known as a social engineer, after he obtained confidential and private documents illegally.
Among the most famous social engineers are Frank Abagnale, David Bannon, Steven Jay Russell, Mahdi Alzlaoa, Peter Foster, and David Kennedy.
Categories of social engineering:
Social engineering is divided into two principal sections: technical and non-technical (human).
1- Technical basis:
These are programs and techniques that help the hacker gain access to information. These are some of the ways used on the technical basis:
Mail fraud (phishing)
The term refers to an e-mail message that appears to come from a credit company or a bank and requests verification of information. The message contains a link to a fraudulent web page that appears quite similar to the official website of the company. This page asks you to enter a password and user name and then directs you to the right page, after the attacker has obtained all of your confidential data.
Voice fraud (vishing)
This type depends on the war dialer, a program that calls many different phone numbers in a region while the hacker waits for victims. The danger begins the moment the victim lifts the handset and answers: an automated message tells him that his credit card has been exposed to theft and fraudulent transactions and asks for the card number and some confidential data. The hacker then gets what he wants.
Annoying spam (Spam)
These are e-mails with interesting subject lines that read like congratulations from a friend, confirmation of a sale, or similar, and inside those messages is something that damages the device and steals information.
The same is found on some sites in program download links, which are backed by persuasive words about the importance of the program, when in fact it is a cunning thief that takes sensitive information from the device.
2- Non-technical (human)
These are crimes that depend on humans; strictly speaking, they are human crimes carried out without technical means.
Here are examples of the non-technical (human) approach.
This works by developing different scenarios aimed at a person. It is often done over the phone, so it does not require attendance or face-to-face contact, but it does require some information such as name, date of birth and so on.
Diving in the trash
It is a common mistake to throw unwanted mail or papers in the trash without shredding them or removing the data. The trash may be the hacker's bridge to a stronger identity theft, which lets him convince his victim. The same goes for disk drives: most companies think that erasing a disk removes its data completely, but there are several technical ways to restore data even after it has been deleted.
Spying and eavesdropping
A hacker can steal passwords and important information by watching the victim while typing, or by tapping and listening to a telephone conversation. It is always advised to avoid writing passwords and important information on paper, leaving them under the keyboard, or even exchanging them.
How does social engineering work?
There are a very large number of methods used by social engineers; here are the most famous of them:
One of the most famous methods used by social engineers is stealing passwords and then gaining access to important personal information in e-mail or on a computer. Social engineers use the information that people put on social networking sites like Twitter and Facebook to guess passwords.
In this method, the hacker tries to gain the trust of the other person and then sends him messages with links or attachments containing malicious software and then
Impersonation/social network squatting:
In this case, the hacker impersonates someone known to the victim, such as a family member or friend, after stealing that person's name from the Internet, Twitter or Facebook, and then asks the victim to send his data or information. The hacker can also manipulate the data, adding to it or removing from it.
Posing as an insider:
This method is used a lot by hackers because it succeeds 90% of the time. The idea is that the hacker claims to work at the company as a security officer, security guard or cleaner, and so wins the confidence of the company and its employees. He then asks an inexperienced or new employee for passwords, and so he can enter, penetrate and even control the company's information system.
Types of attacks:
The act of creating and using an invented situation in order to convince a target to release information or grant access to sensitive materials.
This type of attack is usually implemented over the phone and can be used to obtain customer information, phone records and banking records; it is also used by private investigators. The hacker will disguise their identity in order to ask a series of questions intended to get the information he/she wants from the target.
By asking these questions the victim will unknowingly provide the attacker with all the information the hacker needs to carry out their attack.
On-Line Social Engineering
This attack exploits the fact that many users use the same password for all their online accounts, such as their e-mail, banking, or Facebook accounts.
So once an attacker has access to one account, he/she has admittance to all of them.
Another common online attack is for a hacker to pretend to be a network admin and send out emails which request usernames and passwords; this attack is not as common or successful because people have become more conscious of this type of attack.
Reverse Social Engineering
Probably the least used of the attacks. It requires extensive research and planning; the key is to establish yourself in a position of authority and have your targets come to you, giving you a better chance of retrieving information. This form of attack can be divided into three stages. Stage one - Sabotage: cause a problem (crash the network). Stage two - Advertise: send out notice that you are the one to go to in order to solve the problem. Stage three - Assist: help the employees and get from them the info you came for. When all is done you fix the problem, leave, and no one is the wiser because the problem is fixed and everyone is happy.
Phone Social Engineering
The most common practice of social engineering. A hacker will call someone up and imitate a person of authority and slowly retrieve information from them. Help desks are incredibly vulnerable to this type of attack.
In attempting to persuade someone to do something.
Taking into consideration that a social engineer with enough time, patience and tenacity will eventually exploit some weakness in the security of an enterprise, the University's campus constituents' awareness and acceptance of security policies and procedures are an important asset in the battle against attackers. The best defense against social engineering attacks combines raising the bar of awareness among students, faculty and staff, coupled with a sense of personal responsibility to protect the University's assets.