Social Engineering: Hacking people

This has become one of the hottest topics today and it seems to work out most of the times. Social Engineering doesn’t deal with the network security issues, vulnerabilities, exploits, etc. It just deals with simple psychological tricks that help to get the information we want. This really works!! But it requires a lot of patience.

We are all talking about network security and fixing the vulnerabilities in networks. But what happens if some internal person of a network accidentally gives out the passwords. After all we are all humans; we are also vulnerable and can be easily exploited and compromised than the computers.

Social Engineering attacks have become most common during the chat sessions. With the increase in use of Instant Messengers, any anonymous person may have a chat with another any where in the world. The most crucial part of this attack is to win the trust of the victim.

It may take a long time (may be in minutes, hours, days or months) for this to happen. But after you are being trusted by the victim he will say you every thing about him. Most of the times his person information will be useful to crack his web accounts like e-mail ids, etc. Even some people are so vulnerable to this attack that they even give their credit card numbers to the strangers (social engineers).

Some social engineers stepped one more forward and they send some keyloggers or Trojans to the victims claimed to be as screensavers or pics. These keyloggers when executed gets installed and send back information to the attacker. So be careful with such attacks.

Prevention:

1) Don’t believe everyone you meet on the net and tell them every thing about you. Don’t even accidentally say answers to the questions like “What’s you pet’s name?”, “What is your mothermaiden’s name?”, etc. which are particularly used by your web account providers to remind your passwords.

2) Don’t give your credit card details to even your chating through instant messengers. Remember, it’s not a hard deal for an attacker to crack an e-mail id and chat with you like your friend. Also data through IMs can be easily sniffed.

3) Don’t accept executable files (like *.exe, *.bat, *.vbs, *.scr, etc.) from unknown persons you meet on the net. They might be viruses or Trojans.

Please act carefully, use security software and ask professionals for help.