+- Blackhat Carding Forum | Carding Forum - Credit Cards - Hacking Forum - Cracking Forum | Bhcforums.cc (https://bhcforums.cc)
+-- Forum: Hacking and Cracking Zone (https://bhcforums.cc/Forum-Hacking-and-Cracking-Zone)
+--- Forum: Hacking (https://bhcforums.cc/Forum-Hacking)
+--- Thread: Social Engineering 2020 (/Thread-Social-Engineering-2020)
Social Engineering 2020 - Blackhatking - 02-10-2020
Social engineering, in the context of information security, is the psychological manipulation of people into performing actions or divulging confidential information. Check out NLP
Neuro Linguistic Programming (NLP) is all about bringing about changes in perception, responsible communication and developing choices of responses or communication in a given situation. ... NLP works on the principle that everyone has all the resources they need to make positive changes in their own life
Social engineering is a non-technical strategy people use that relies heavily on human interaction and often involves tricking people into breaking standard security practices. ... When successful, many social engineering attacks enable attackers to gain legitimate, authorized access to confidential information.
1. Phishing
[To see content please register here]
is the most common type of social engineering attack. The attacker recreates the website or support portal of a renowned company and sends the link to targets via emails or social media platforms. The other person, completely unknown of the real attacker, ends up compromising personal information and even credit card details.You can prevent phishing emails by using spam filters in your email accounts. Most email providers do this by default nowadays. Also, don’t open any emails coming from an untrusted source or you find it suspicious.
2. Spear Phishing
A social engineering technique known as Spear Phishing can be assumed as a subset of Phishing. Although a similar attack, it requires an extra effort from the side of the attackers. They need to pay attention to the degree of uniqueness for the limited number of users they target. And the hard work pays off, the chances of users falling for the false emails are considerably higher in the case of spear phishing.
3. Vishing
social engineers can be anywhere on the internet. But many prefer the old fashioned way; they use the phone. This type of social engineering attack is known as Vishing. They recreate the IVR (Interactive Voice Response) system of a company. They attach it to a toll-free number and trick people into calling the phone number and entering their details. Would you agree on this? Most people don’t think twice before entering confidential info on a supposedly trusted IVR system, do they?
4. Pretexting
Pretexting is another example of social engineering you might’ve come across. It’s based on a scripted scenario presented in front of the targets, used to extract PII or some other information. An attacker might impersonate another person or a known figure.
You might’ve seen various TV shows and movies where detectives use this technique to get into places where they’re personally not authorized, or extract information by tricking people. Another example of pretexting can be fake emails you receive from your distant friends in need of money. Probably, someone hacked their account or created a fake one.
5. Baiting
If you have seen the movie Troy, you might be able to recall the trojan horse scene. A digital variant of this technique is known as Baiting and it is one of the social engineering techniques used by people. Attackers
[To see content please register here]
or optical disks at public places with a hope of someone picking it up out of curiosity and using it on their devices. A more modern example of baiting can be found on the web. Various download links, mostly containing malicious software, are thrown in front of random people hoping someone would click on them.6. Tailgating
Similarly, there are other social engineering techniques, like Tailgating, where a person takes help of an authorized person to get access to restricted areas where RFID authentication or some other electronic barrier is present.
7. Quid pro quo
Another social engineering method Quid pro quo involves people posing as technical support. They make random calls to a company’s employees claiming that they’re contacting them regarding an issue. Sometimes, such people get the chance to make the victim do things they want. It can be used for everyday people also.
Quid pro quo involves an exchange of something with the target, for instance, the attacker trying to solve a victim’s genuine problem. The exchange can include materialistic things such as some gift in return for the information.
Improve your emotional intelligence
Stay aware of your surroundings
Think before you act