“Social Manipulation”: When it is human, it is often dangerous

 Data gaps are the order of the day, but the threats to infrastructures and enterprises are growing.  

Social engineering, also called "social manipulation", is interpersonal influence aimed at provoking certain behavior in people, for example getting them to disclose confidential information or to release funds. Social engineers spy out the personal environment of their victim, fake identities, or exploit behaviors such as deference to authority to obtain secret information or unpaid services. Often, social engineering is used to penetrate a third-party computer system in order to view confidential data; this is also called social hacking. The basic pattern can be seen in phony telephone calls: the attacker calls employees of a company and poses as a technician who needs confidential access data to complete important work. Beforehand, he has gathered small pieces of information about procedures, everyday office talk and corporate hierarchies from publicly accessible sources or previous telephone calls, which help him in the interpersonal manipulation.

A well-known variant of social engineering is phishing. Here, fictitious e-mails with a deceptive design are sent to the potential victims. Such a message may claim, for example, that a service you use has a new URL and that you should log in there from now on. If the victim complies, the criminals obtain the login name and password. Another possibility is that an alleged administrator, citing technical problems, asks the victim to send back the login data in a reply. The most important contribution to combating social engineering comes from the victim himself, by verifying the identity and authorization of the person making the request. Simply asking for the caller's name and telephone number, or asking about a non-existent colleague, can expose a poorly informed attacker.
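The "new URL" message described above can be checked mechanically before anyone clicks. The following is an added example, not part of the original article: it parses a constructed sample e-mail and flags links whose real target is not a known login host or whose visible text names a different host. The host names, `KNOWN_LOGIN_HOSTS` and all function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_LOGIN_HOSTS = {"portal.example.com"}  # assumption: the service's real host
# Constructed sample of the "service has a new URL" message described above.
SAMPLE = """\
From: IT Administrator <admin@example.net>
Subject: Our portal has a new address
Content-Type: text/html; charset="utf-8"

<p>Log in at <a href="https://portal.example.com.login.example.net/">https://portal.example.com/login</a>
from now on. <a href="https://portal.example.com/help">Help page</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from <a> elements
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, or '' when the text is not URL-like."""
    if " " in url or "." not in url:
        return ""
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def suspicious_links(raw_message):
    """Return (href, reasons) for links leading away from the known login hosts."""
    body = message_from_string(raw_message, policy=policy.default).get_body(("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    findings = []
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        reasons = ["unknown host: " + target] if target not in KNOWN_LOGIN_HOSTS else []
        reasons += ["text shows " + shown] if shown and shown != target else []
        if reasons:
            findings.append((href, reasons))
    return findings
```

The first link in the sample starts with the genuine host name but actually belongs to a different domain, which is why the comparison is made on the full parsed hostname rather than on a prefix.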

The method became publicly known through the hacker Kevin Mitnick, one of the most popular people in the US. Mitnick said that social engineering was the most effective way to get a password, and that it beats technical approaches on speed by a long way.

Source: Echo
