Social engineering attacks are growing fast, and today majority of attackers use social engineering techniques to infiltrate into a victim’s network. It is very difficult for a technician to identify social engineering attacks, as these attacks do not involve any technical tools or any software-coding program. A social engineering hacker attempts to persuade users to provide information that will enable him to use their computers or computer resources. Many technicians think that such attacks are a cause of concern only for large organizations. It used to be the case earlier, but now hackers target all sectors.

Social engineering attacks succeed because they are allowed to succeed, i.e., in most cases the fraud could have been avoided if the victim had not provided the information that the hacker tried to extract. Getting information through social engineering methods is easier than making complicated code, and the information that a hacker gets through social engineering is correct and more reliable. To secure users from social engineering attacks as well as other attacks, you need to know what type of attacks they might fall victim to from social engineering hackers or any other Technical hacker. You should also try to find out what a hacker wants and calculate the possible loss to your organization. Accordingly, the security policy of the company should be reviewed and preventive measures should be taken. The changing must include educating your employees so that they can recognize the situations of social engineering and react swiftly. This helps others not to get affected by the same procedure or cheated by the same person again. The social engineering hacker might use various tricks to persuade his victim to reveal vital information. Depending upon the mental ability of the victim, he judges and applies his techniques while interacting with him.

The simplest way of social engineering hacking is to ask for the information directly from the victim. Seems easy? Yes it is. The only thing an attacker needs is presence of mind. A social engineering hacker can be anyone. Even your boss or manager can call you and ask for your login ID and Password, or it might be the technician who is offering you help. Users can also be attacked through fake e-mails, which might lead them to open a Web site designed to trick the recipients in giving important information such as usernames, passwords or addresses. This trick is also very popular with technical hackers, but instead of sending e-mails, they persuade victims to visit Web sites, which contain scripts that deploy Trojan virus or Key-loggers to the victims’ computers. Nowadays hackers also use mouse loggers and screen grabbers to obtain vital information. Organizations should take proper steps to educate their employees about different social engineering techniques.

Some other common types of attacks that hackers adopt are as follows:

Types of attacks

* Back Door:
* Spoofing:
* Denial-of-Service (DoS):
* Password Guessing Attack:
* Replay Attack:

These days organizations have to upgrade their security to protect crucial information, and in the same way hackers are also developing more sophisticated techniques of attack. At the end of this article you have learnt about various social engineering techniques and steps to be taken to prevent such attacks from taking place.

Explore More

Open University Malaysia (OUM)’s Web Vulnerability

PlanetCreator had informed OUM’s XSS Vulnerability CODE http://www.planetcreator.net/2009/11/critical-xss-vulnerability-on-open-university-malaysia/ But nobody cares , How come they all wana do like this so shit! Where is OUM’s Wemaster? Sleeping @ Camp? Yeah,

Reverse SSH Tunneling (NAT)

Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can with reverse SSH tunneling. This document will show you step by step how

What are the user authentications supported by the SSH-2 protocol?

The SSH-2 protocol supports the following user authentications: * Public key authentication (DSA, RSA*, OpenPGP) * Host-based authentication * Password-based authentication Note: SSH-1 supports a wider range of user authentications,