“Social Manipulation”: When it is human, it is often dangerous

Data gaps are the order of the day, and the threats to infrastructures and enterprises are growing.

Social engineering, also called "social manipulation", is the use of interpersonal influence with the aim of provoking certain behavior in people, for example getting them to disclose confidential information or to release funds. Social engineers spy out the personal environment of their victim, assume false identities, or exploit behaviors such as deference to authority to obtain secret information or unpaid services. Often, social engineering is used to penetrate a third-party computer system to view confidential data; this is also referred to as social hacking. The basic pattern can be seen in fake telephone calls. The attacker calls employees of a company and poses as a technician who needs confidential access data to complete important work. Beforehand, he has gathered small pieces of information about procedures, everyday office talk and corporate hierarchies from publicly accessible sources or previous telephone calls, which help him in the interpersonal manipulation.

A well-known variant of social engineering is phishing. Here, fake e-mails with a deceptive design are sent to the potential victims. The content of these messages can be, for example, that a certain service you are using has a new URL and you should log in there from now on. If the victim does so, criminals obtain the login name and password. Another possibility is that the victim is prompted by an alleged administrator to send back the login data in a reply, citing alleged technical problems. The most important contribution to combating social engineering is made by the victim himself, by verifying the identity and authorization of the person making the request. Simply asking for the caller's name and telephone number, or asking after a non-existent colleague, can expose a poorly informed attacker.

The method became publicly known through the hacker Kevin Mitnick, one of the most popular people in the US. Mitnick said that social engineering was the most effective way to get a password, and that it beats technical approaches by far in terms of speed.

Source: Echo
