Thursday 15 September 2011

Social Engineering Hacking


Social Engineering


This method is a really effective non-technical way of breaking the security of a system or a network. It is the process of deceiving the users of a system and convincing them to give out information that can be used to defeat or bypass the security of that system or network. The process is easy to understand. Many people think it is not an effective approach, but in my view it is a very effective way of breaking into a system or network. It can be used to gather information before or during an attack.




Social Engineering: Social engineering is the process of obtaining secure information by performing certain actions; this information can then be used to break security. I used the words "some actions" deliberately: email and telephone calls are the most widely used actions for performing social engineering. Social engineers exploit the natural tendency of a person to trust their word, rather than exploiting computer security holes. It is generally agreed that users are the weak link in security; this principle is what makes social engineering possible.



It does not matter if enterprises have invested in high-end infrastructure and security solutions such as complex authentication processes, firewalls, VPNs and network monitoring software. None of these devices or security measures is effective if an employee unwittingly gives away key information in an email, by answering questions over the phone from a stranger or new acquaintance, or even by bragging about a project with coworkers at a local pub after hours.

Social engineering can be broken into two common types:

Human-based: Human-based social engineering refers to person-to-person interaction to retrieve the desired information. An example is calling the help desk and trying to find out a password.

Computer-based: Computer-based social engineering refers to having computer software that attempts to retrieve the desired information. An example is sending a user an e-mail and asking them to reenter a password in a web page to confirm it. This social-engineering attack is also known as phishing.

Example of human-based social engineering:

The attacker calls the victim and claims to be an employee of the victim's bank.
Attacker: Hello sir, I am calling from ABCD Bank. Are you Mr. Bob?
Victim: Hello. Is there any problem?
Attacker: Last night our system crashed and we are trying to restore it. Don't worry, the data is safely backed up, but we need to check all your transactions, so we need your password.
Victim: What? My password?
Attacker: We can get your password from our database, but due to our privacy policy we cannot use your password without your permission.
Victim: OK, I agree, you can use it. Go and look in the database, but please keep my account secure.
Attacker: We also need the password from you, to authenticate you. So if you agree, please tell me your user id and password combination.
Victim: Hmmm... OK. My id: bob007, password: bobaccount
Attacker: OK, thank you sir. We will call you again if we need further support. Have a nice day, sir.

Now the attacker has the victim's password.

Social engineering is the hardest form of attack to defend against, because it cannot be defended against with hardware or software alone.

I tried to give you some short information about social engineering. If you have any problem or confusion, do comment.
