Social engineering techniques
Familiarity Exploit: Users are less suspicious of people they are familiar with. Before launching a social engineering attack, an attacker can familiarize themselves with the target system’s users. The attacker may interact with users during meals, join them when they are smoking, meet them at social events, etc.
This makes the attacker familiar to the users. Let’s suppose that the user works in a building that requires an access code or card to gain access; the attacker may follow the users as they enter such places. Due to their familiarity, the users are more likely to hold the door open for the attacker to enter.
The attacker can also ask for answers to questions such as where you met your spouse, the name of your high school math teacher, etc. Users are more likely to answer because they are familiar with the individual. This information could be used to hack email accounts and other accounts that ask similar questions if one forgets their password.
Situations that Are Intimidating: People have a tendency to avoid people who intimidate those around them. Using this technique, the attacker may pretend to have a heated argument on the phone or with an accomplice in the scheme. After that, the attacker might ask users for information that could be used to breach the system’s security.
The users will most likely give the correct answers just to avoid a confrontation with the attacker. This technique can also be used to avoid being checked at a security checkpoint.
Phishing: This method uses deception and trickery to get users’ private data. The social engineer may try to impersonate a genuine website such as Yahoo and then ask the unsuspecting user to confirm their account name and password. This method could also be used to get information about your credit card or any other important personal information.
Tailgating is the practice of following behind users as they enter restricted areas. As a human courtesy, the user is most likely to let the social engineer inside the restricted area.
Exploiting human curiosity: The social engineer may use this strategy to purposefully drop a virus-infected flash drive in a location where users can easily pick it up. The user will most likely plug the flash disk into the computer.
The user may be tempted to open a file with a name like Employees Revaluation Report 2013.docx, which may actually be an infected file, or the flash disk may automatically execute the virus.
Exploiting human greed: Using this technique, the social engineer may lure the user with promises of making a lot of money online by filling in a form and confirming their details using credit card details, etc.