Cyber Security Articles & News

“Social Manipulation”: When it is human, it is often dangerous

 Data gaps are the order of the day, but the threats to infrastructures and enterprises are growing.  

Social engineering is also called "social manipulation", which is called interpersonal intercourse with the aim of provoking certain types of behavior in persons, for example, to convey confidential information or to release funds. Social Engineers spy out the personal environment of their victim, deceive identities, or use behaviors such as authority to obtain secret information or unpaid services. Often, social engineering is used to penetrate a third-party computer system to view confidential data; One also speaks of social hacking. The basic pattern can be seen in the case of phoned telephone calls. The attacker calls the employees of a company and decides as a technician who needs confidential access data to complete important work. Already in the run-up, he has gathered small information on procedures, daily office talks and corporate hierarchies from publicly accessible sources or previous telephone calls, which help him in the interpersonal manipulation.

A well-known variant of social engineering is phishing. Here, fictitious e-mails with a confusing design are sent to the potential victims. The content of these messages can be, for example, that a certain service you are using has a new URL and you should login to it from now on. If this is the case, criminals get possession of the log-in name and password. Another possibility is that the victim is prompted by an alleged administrator to return the log-in data in response, alleging technical problems. The most important contribution to combating social engineering is provided by the victim himself, by ensuring the identity and justification of a respondent. Already the inquiry to the name and telephone number of the caller or the existence of a non-existent colleague can reveal badly informed attacker.

The method was publicly known by the hacker Kevin Mitnick, one of the most popular people in the US. Mitnick said that social engineering was the most effective way to get a password, and suggested technical approaches to speed by length.

Source: Echo

Topics: Social Engineering, social manipulation, penetration testing, social hacking, confidential information, false identities, fictitious emails, keynote speaker, Password, security consultant, URL, phishing, release funds, Kevin Mitnick, login name

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

How Social Engineering Can Affect an Organization

Organizations around the world are enrolled in security awareness training programs and taught to look out for cybercriminals who are using a hacking ..

Read more ›

5 Questions to Ask Before Conducting a Pentest

Getting ready for a pentest might seem overwhelming, no matter if it’s your first or your fourth. 

Read more ›

Who is REvil? The Notorious Ransomware Hacking Group, Explained

Over the last two years, the internet has been riddled with ransomware attacks wherein cybercriminals compromise technology or data, make it inaccessi..

Read more ›