“Social Manipulation”: When it is human, it is often dangerous

 Data gaps are the order of the day, but the threats to infrastructures and enterprises are growing.  

Social engineering is also called "social manipulation", which is called interpersonal intercourse with the aim of provoking certain types of behavior in persons, for example, to convey confidential information or to release funds. Social Engineers spy out the personal environment of their victim, deceive identities, or use behaviors such as authority to obtain secret information or unpaid services. Often, social engineering is used to penetrate a third-party computer system to view confidential data; One also speaks of social hacking. The basic pattern can be seen in the case of phoned telephone calls. The attacker calls the employees of a company and decides as a technician who needs confidential access data to complete important work. Already in the run-up, he has gathered small information on procedures, daily office talks and corporate hierarchies from publicly accessible sources or previous telephone calls, which help him in the interpersonal manipulation.

A well-known variant of social engineering is phishing. Here, fictitious e-mails with a confusing design are sent to the potential victims. The content of these messages can be, for example, that a certain service you are using has a new URL and you should login to it from now on. If this is the case, criminals get possession of the log-in name and password. Another possibility is that the victim is prompted by an alleged administrator to return the log-in data in response, alleging technical problems. The most important contribution to combating social engineering is provided by the victim himself, by ensuring the identity and justification of a respondent. Already the inquiry to the name and telephone number of the caller or the existence of a non-existent colleague can reveal badly informed attacker.

The method was publicly known by the hacker Kevin Mitnick, one of the most popular people in the US. Mitnick said that social engineering was the most effective way to get a password, and suggested technical approaches to speed by length.

Source: Echo

Topics: Social Engineering, social manipulation, Speaking Engagements, penetration testing, confidential information, false identities, fictitious emails, Password, security consultant, URL, phishing, release funds, Kevin Mitnick, login name

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

6 Types of Social Engineering Attacks and How to Prevent Them

Social engineering attacks account for a massive portion of all cyber-attacks.

Read more ›

What You Get When You Invest in Social Engineering Testing with Mitnick Security

When testing your employees' social engineering readiness, your teams need simulated attacks that feel as if they’re coming from a nefarious engineer...

Read more ›

Mitnick Security: Ransomware Awareness Training

Ransomware is a type of malware that prevents accessibility to either a single computer or an entire network until a ransom is paid. This can result i..

Read more ›
tech-texture-bg