Social engineering is an old fashioned manipulation to pursue or convince the user to divulge the required information, which can lead to security lapse. All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases*. These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create attack techniques. Though not new, Social engineering has become more complex and global problem then ever.
Fraudsters around the world share the common goals a) Fraud b) Network Intrusion c) Industrial Surveillance/espionage d) Identity theft. The aim of a security experts is to protect the computer system from unwanted attacks from the fraudsters and hackers. Through employing different security mechanisms one can protect these unauthorized entries. Most of the organization solely rely highflying millions of dollar worth technologies, but they fail to notice that every computer system on earth is somehow related to human, who are most venerable to attacks. While new technology may reduce the risk of hacker attacks, it’s not a silver bullet. If the goal is to protect the network, one just cannot rely on technology alone.
Whether it is security of a system or something else, it is based on trust. To trust is a human nature, but probably it is the biggest weakness. Social engineers take advantage of this characteristic of human and manipulate their mind to crack the system. Social engineering can happens anywhere. It can happen in chat rooms, it happens when you travel in metro, it happens when you are sitting with your colleague in a restaurant discussing some important business matter, it can happen via email or anytime where user is getting in touch with another person.
Social Engineering methods** broadly can be classified as physical and psychological.
Physical methods are:
- Dumpster Diving.
- Physical Intrusion or Eavesdropping.
Whereas psychological methods are:
- Via phone.
- On-line method.
- Reverse social engineering.
Daily more and more social engineering crimes are reported at various locations. The mistake most of the corporations do is to devise strategies only to prevent physical attacks, whereas they ignore more threatening psychological strikes. There is strong need to develop and implement turnkey security policies to combat all types of security breaches.
* Cognitive Bias is a broad term for all distortions in the human mind that are hard to avoid and that lead to a perception, judgment, or reliability that deviates systematically, involuntarily, and rather distinct from the "reality". For eg: Illusion of Control: The tendency for human beings to believe they can control or at least influence outcomes which they clearly cannot.
** Complied from different documents and personal lecture notes.
Dr Nikhil Agarwal