Cyber Security Articles & News

“Social Manipulation”: When it is human, it is often dangerous

 Data gaps are the order of the day, but the threats to infrastructures and enterprises are growing.  

Social engineering is also called "social manipulation", which is called interpersonal intercourse with the aim of provoking certain types of behavior in persons, for example, to convey confidential information or to release funds. Social Engineers spy out the personal environment of their victim, deceive identities, or use behaviors such as authority to obtain secret information or unpaid services. Often, social engineering is used to penetrate a third-party computer system to view confidential data; One also speaks of social hacking. The basic pattern can be seen in the case of phoned telephone calls. The attacker calls the employees of a company and decides as a technician who needs confidential access data to complete important work. Already in the run-up, he has gathered small information on procedures, daily office talks and corporate hierarchies from publicly accessible sources or previous telephone calls, which help him in the interpersonal manipulation.

A well-known variant of social engineering is phishing. Here, fictitious e-mails with a confusing design are sent to the potential victims. The content of these messages can be, for example, that a certain service you are using has a new URL and you should login to it from now on. If this is the case, criminals get possession of the log-in name and password. Another possibility is that the victim is prompted by an alleged administrator to return the log-in data in response, alleging technical problems. The most important contribution to combating social engineering is provided by the victim himself, by ensuring the identity and justification of a respondent. Already the inquiry to the name and telephone number of the caller or the existence of a non-existent colleague can reveal badly informed attacker.

The method was publicly known by the hacker Kevin Mitnick, one of the most popular people in the US. Mitnick said that social engineering was the most effective way to get a password, and suggested technical approaches to speed by length.

Source: Echo

Topics: Social Engineering, social manipulation, penetration testing, social hacking, confidential information, false identities, fictitious emails, keynote speaker, Password, security consultant, URL, phishing, release funds, Kevin Mitnick, login name

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

4 Signs Your Organization Needs Red Team Penetration Testing

According to a recent poll conducted by PwC, executives believe that mandated disclosures, tests of resilience, and pressure to get data security and ..

Read more ›

2023 Cybersecurity Budget Considerations for Your Organization

With the use of multiple work platforms and applications, organizations must choose between spending on cybersecurity or being vulnerable to devastati..

Read more ›

Why Choose Mitnick Security for Your Penetration Testing Services?

Incorporating cybersecurity services as part of your organization’s security plan can help stop threat actors in their tracks. From cyber security awa..

Read more ›