Monday 4 December 2017

Social Engineering Tutorial

What The Social Engineering (or social engineering or social manipulation in French)


Social Engineering
The manipulator will often use your emotions to achieve his ends.
It's the art, the science of manipulating people to get something from them without them realizing it. One influences or abuses the trust of a person to obtain a good or information generally about a computer system (password, sensitive data). It is therefore the famous human fault .
This fault is a very fragile piece It can be used by ALL the world without specific knowledge and it is the key of success of 90% of hacker. These techniques are not detected by the antivirus, but it is the human being who can defend himself, easily, when he becomes aware of it and remains vigilant.
We are all already manipulators , everyone has already lied several times in life, in the current month, even the same day. Handling requires no specific degree or age, everyone is able to, and this makes the attack very widespread and vicious. The pirate (or manipulator) will notably play on the psychology, the feeling of the targets, and progress slowly towards the final goal: to hack his victim.

How to counter the attempts of Social Engineering?

This is an interesting subject that directly concerns social psychology applied to computers .
We will therefore seek above all to prevent any attempt at manipulation. We will then try to detect an attempted manipulation, that's 90% of the work done.
  • Prevention:
We start by not leaving too many traces on the Internet and remove a maximum if necessary.
The manipulator loves the e-mail addresses you have left here and there. It seeks to identify your interests , your hobbies , your habits , your friends . It seeks in general to create an ID card on you and more information you give more you him make it easy task. The Secrets on Our Anonymity guide gives you a shocking concrete example.
Tip: you can, knowing this, give false information to trap a manipulator. Do not hesitate to create several different e-mail addresses for different needs.
  • Know who you really are dealing with:
The manipulator will never use his true identity unless he knows you really well and that it does not pose any problem. He will usually be the opposite sex to you , and in a more general way he will often be thought of as a woman .
If he handles very well you will usually see only fire because he will create a completely realistic profile .
So you have to take the time to ask him for information that he does not have in his possession.
The best way is to request a photo of him with your name / nickname written on a piece of paper . A trusted person will always be able to assure you that it is this way and it only takes 2 minutes.
If he gives you photos (for example of attractive women) you can use the TinyEye online service to search for the existence of this photo on the net. You will immediately see where the picture comes from.
  • Fail the attack:
Keep these principles in mind and the attack will fail all the time:
  • Do not give ever your sensitive information over the Internet to a person you do not know physically (and not even to you know).
  • Change your passwords regularly .
  • Be always vigilant and do not believe the very special offers, enticing etc ...
  • Stay informed about computer attacks and scams.
For more details, definitions and practical examples, I invite you to follow the How to Become a Hacker guide.

No comments:

Post a Comment