Tailgating is an Example of What Type of Attack
Social engineering is the art of manipulating people. When it comes to hacking, it is an important skill for hackers and one of the most dangerous techniques they use to break into computer systems. When we talk about reaching a target through people, it does not matter what the target is: it could be a website, a company, an organization, or just ordinary people.
The overall idea is to associate with the people behind the target website or target organization and hack through them. Most companies spend a lot of money on securing their software, and they have teams of security people and ethical hackers who try to hack the company in order to make it as secure as possible.
The whole idea of social engineering is to hack the people instead: web admins, employees, even their friends, and from there gain access to the target.
A very popular question that I get is: why learn to hack? Well, there are a number of reasons. First of all, we teach you hacking so that you can secure yourself, your organization and your systems from these attacks. There is a huge market for pentesters, who test systems and make sure they are secure and have no vulnerabilities. You get paid for it; this is a normal job and there is a huge demand for it. Teaching these attacks also increases awareness, and the attacks become less effective: when you know how dangerous they are, you are more aware of them, and they no longer work as well as they used to. At the end of the day, teaching or learning this is like kung fu. You can use it for a good purpose and protect your friends and family, or you can use it for other purposes.
Types of Social Engineering Attacks
There are many social engineering attacks, such as Phishing, Spear Phishing, Vishing, Pretexting, Baiting, Tailgating, Quid pro quo, Whaling attacks and Watering hole.
Phishing
Phishing attacks are common among social engineering attacks. In this technique, attackers use e-mail, social media or SMS to trick victims into providing sensitive information or into visiting a malicious URL that compromises their system.
Prevention:
1. You can prevent this by using spam filters in your e-mail accounts.
2. Don’t open any e-mails that come from untrusted sources or that you find suspicious.
Spear Phishing
Spear Phishing is regarded as a subset of Phishing; it requires extra effort on the attacker's side. It targets a specific organization or individual, seeking unauthorized access to sensitive information. A Spear Phishing e-mail appears to come from a trusted source: the apparent sender is likely to be an individual in one’s own company or, generally, someone in a position of authority, or someone the target knows personally.
The attacker collects information about targets from social media, including their personal and professional relationships and other personal details. The attacker uses this information to frame the target. The attacker sends an attachment that installs malware on the target’s device, or directs the target to a malicious website in order to obtain sensitive information such as passwords, account information or credit card information. When the target clicks or opens the e-mail, they get hacked.
Prevention:
1. Limit the amount of personal information you share on social media and other websites.
2. Don’t click on links without verifying that the URL matches the e-mail’s stated destination.
3. Contact the associate, friend or business purporting to have sent the message to confirm the request.
Vishing:
Vishing is an electronic fraud tactic in which individuals are tricked into giving up personal information. It works like Phishing, but it is not conducted over the internet; it is done using voice technology. The attack can be conducted by voice email, landline or cellphone.
Prevention:
1. Verify unexpected phone requests are connected to incoming phone calls.
2. Be very suspicious of any caller who asks for personal information.
3. Any caller who makes this type of request is a scammer. Refuse the request and notify security.
Pretexting:
Pretexting e-mail is a form of social engineering technique for obtaining privileged data.
Prevention:
1. Filter Employee Emails
2. Provide Awareness Program
3. Establish a Policy to Handle Suspected Pretexters.
4. Get an Insider Threat Management Solution.
Baiting
Baiting is similar to Phishing attacks. This attack is also aimed at getting personal information such as passwords.
Prevention of social engineering attacks:
1. Delete any request for financial information.
2. Reject requests for help.
3. Set your spam filters to high.
4. Secure your computing devices.
5. Beware of any download.
6. Foreign offers are fake.