Every Social Engineer targets specific behavioral traits in the victim in order to extract the maximum amount of information from them. These behavioral traits include, but are not limited to:
- The excitement of Victory: Mr. X gets an e-mail stating, “You have won 1 Million Dollars and to claim the winning amount, fill in the attached document and forward it to the email id: email.xyz.com. Switch off your antivirus as it may block the download due to highly encrypted Digital Signature of the documents”. Out of excitement, he switches off his antivirus, follows the instructions, downloads the document and opens it, only to find it corrupted. Little does he know that he has just downloaded malware that gives the email sender remote access to his machine.
- Fear of Authority: Many people are apprehensive in the presence of someone they perceive as an authority figure. It is not that person they are apprehensive about but most likely the position and power of the person that intimidates them and makes them. Attackers take on the roles of authority figures, such as law enforcement officers or high-ranking company officials, to extract sensitive organizational information from the victims.
- Desire to be helpful: Keith A. Rhodes, chief technologist at the U.S. General Accounting Office, which has a Congressional mandate to test the network security at 24 different government agencies and departments, said in one of his interviews, “Companies train their people to be helpful, but they rarely train them to be part of the security process. We use the social connection between people, their desire to be helpful.” In their desire to be helpful and to answer other people's queries, people give out a lot of information that should not be disclosed to an outsider, because it could give an attacker unauthorized access to the target system and cause a possible loss.
- Fear of Loss: Mr. X gets an e-mail stating, “You have won 1 Million Dollars and to claim the winning amount, deposit $75,000 in Account number: ********* in 10 days from receiving this e-mail, failing to which the winning amount would be declared unclaimed and there would be a new lucky-draw to decide the next winner”. Out of fear that he might lose such a good opportunity, he deposits the amount to the account number provided. When his replies to the e-mail address go unanswered for the next two months and the 1 Million Dollars is not deposited to his account, he understands that he has been scammed.
- Laziness: All of us have come across some job or other that requires us to do only a specified set of activities and not linger around looking for better ways of doing them. This bores the person who performs the same task repeatedly on a daily basis, and over time that person learns “shortcuts” to do the tasks with minimal effort while still meeting the targets. Such individuals become lazy over a period of time, and attackers target them knowing that the required information will be much easier to get because of their laid-back attitude towards their work.
- Ego: Many times, the attacker makes the person more emotionally sure of himself/herself, thus removing the logical awareness of the security breach that is occurring. The result is that the person being hacked senses no harm in providing whatever the attacker is requesting. Such an attack succeeds because the attacker is a receptive audience for victims to display how much knowledge they have.
- Insufficient knowledge: Knowledge about the target system is one of the key factors that differentiate the attacker from other employees of the organization. Many times, due to a lack of proper training, employees are themselves not sure whether they have complete knowledge about the product. Social Engineers take advantage of such situations by creating a sense of urgency and not allowing the employee much time to think and realize that they are under attack.