Sunday, July 2, 2017

Social Engineering

The art of getting information from people by manipulating them to carry out activities, disclosing sensitive information or more. The key is that the target should not be able to feel that he is being targeted to gain information. It's similar to getting information out from a drunk friend. The human brain along with the technical tools can be used to get information.  Some examples may include human voice along with the telephone or wearing a camouflage of an organization with an accent to gain information. 

Psychology of social engineering

1. Elicitation

It is a trivial method to bring out information out of a person. The social engineering is not done for pen testing. It is done in many different contexts by professionals, hackers,  marketers.etc. This may include a parent getting information out of a child about who broke the mirror. The questions bring the target in comfort so that he brings out the information without having a clue about the fact that he was being manipulated.

2. Framing

This is a good technique used in marketing. Consider a politician being asked a certain question. The politician will try to divert questions opposed to them by framing answers for a different question. The person will start to build a frame around what they really want to talk about and completely ignoring what they are questioned about. A social engineer must master these aspects of communication so that they can steal conversation in the direction they chose. In this regard, the information is being taken out from the target without making him realize that he is being manipulated.

3. Pretexting

This involves coming up with a story, mostly an emotional one, to provide or get information to take some action. It usually produces a hurry situation for the target. Getting a password reset for an account verified at the desk with some excuse is an example. This setup emotionally attacks the target. Although we may feel sorry for him.

4. Cold Calling

A cold calling for a social engineer is very helpful depending upon what person he adopts The method is usually used by a salesperson. He tries to sell his product to the customer. Despite the customer avoiding the salesperson, he will try to get the weak point of the customer by creating a scenario of questions of necessity.

