focus mostly on coming up with technological controls for both physical devices
and software. Hackers have come up with strategies to manipulate human
behavior. Social engineering is one of the techniques hackers use to extract
information from users. Hackers use tricks to manipulate individuals into
providing personal information or sensitive company information, which they
can use for their own gain.
Hackers engage users in unethical activities by manipulating
them into providing confidential information, which they then use to gain
unauthorized access to computing resources. Social engineering is a totally
different technique from ethical hacking.
Ethical hacking is a process where an experienced network security analyst
penetrates a network to find loopholes or vulnerabilities which can be used by
hackers to gain access to the system. This technique tests the weaknesses of a
particular information system. An ethical hacker is
legally recognized and hacks the system on behalf of the system owner. He is
also called a white hat hacker.
Below are some of the techniques hackers use for
manipulating human behavior:
exploits: In this method, the hacker gets close to the victim he wants to
manipulate. The user may not be aware of his real intention because he may act
as a friend, as a colleague or as someone they always meet at social events or
even during lunchtime. Through the interaction, the user gets familiar with the
attacker and may take him to the workplace, answer his questions related to
work and even share personal details. As they keep on interacting, the attacker
takes note of the normal operation of the company and the security measures
established. He tries to find as much
information as he can in order to identify the weaknesses of the system.
users: The hacker can try to intimidate the user into revealing important
information. This mostly occurs through a phone call, where the hacker may
call the target victim pretending to be a high-ranking official and have a
heated argument with the victim. To avoid confrontation, the unsuspecting
victim may reveal confidential information like login details to the hacker,
which the hacker can later use to gain access to the system.
phishing technique: This is the most popular technique used to gain information
online from a web application. The attacker can impersonate a particular
website, such as PayPal, and send a message to the user asking them to
confirm their details by logging in to the system. A user may not suspect
anything since the embedded link looks exactly like the normal payment account.
When the user enters the username and password, that information is directed to
the attacker, who can use it to get more information about the user and even credit card
this involves following the target victim closely as he enters restricted
areas. The target victim may not be aware that there is someone following him.
human greed: People like free things, and the attacker can use this to
obtain personal information from unsuspecting users. An example is where a
website is used to lure users online by claiming they have won free gifts such
as a phone and some cash. Before the users get the cash, they need to fill in a
form with their details and even confirm that the information provided on their
credit card is correct. Hackers can also promise to give free things to
interested users in exchange for certain information. Hackers use this
technique to exploit users into giving up their personal information.
human curiosity: Some hackers may use physical media to gain access to system
information. A USB drive infected with a Trojan virus can be left at a strategic
place where an unsuspecting employee can find it. Due to their curiosity to know
what’s inside the USB drive, they plug it into their machine. This activates the
keylogger and the hacker can gain access to the system’s database and steal
attacks are planned
malicious person interested in hacking a particular system can plan to
gain access to the system through the following steps.
victim: This is the first step in any social engineering attack. The hacker has
to gain insightful information about the victim: his responsibilities,
weaknesses and any other information he can use to his advantage. This
information can be found on the company’s website or even by engaging the user
while pretending to be his friend.
up the victim: In order to plan how to execute the attack, a hacker can engage
the victim to find out what he knows about the system. He steers the
conversation in such a way that the unsuspecting victim will give out
confidential information about the company’s information system.
After the hackers get all the information they need in order to gain access to
the system, the next step is to execute their plan.
Sometimes the hackers need to cover up their tracks to avoid any suspicion,
especially if they need to have control of the network traffic of the company’s
system and eavesdrop on the information being exchanged through the network.