Be a Professional Social Engineer!!!

Social Engineering....

Social Engineering….

This article is about the introduction of social engineering.
Mostly we are not familiar with the term Social Engineering. Hope this article will give u some basic ideas about SE’ing .
Social Engineering is a process, a tactic or a strategy to gain access to private information or to public events. One needs to be skilled when he does social engineering. It is a practice which one interrupts other personal activity on the web. Usually it involves tricking other people to break normal security procedures. One does social engineering to obtain confidential information by manipulating users. It has something to do with the computer security. It’s a kind of invasion that involves tricking other people to break normal security procedures.

Social Engineering definitions:
“Social Engineering is the online criminals can use sophisticated technology to try to gain access to your company, or they can use something simpler and more insidious.”
Wiki:” Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.”

Many consider social Engineering to be the greatest risk to Security.
Many people are afraid of it, or they feel they will never be able to accomplish a successful social engineering test.
However, every time u try to get someone to do something i.e. in your interest, you are engaging in social engineering.
Eg: From Children trying to get a toy from their parents to adults trying to land a job or score the big promotion all are form of Social Engineering.

Social Engineering is both incredibly complex and amazingly simple. It includes positive form of communication such as parents, therapists, children, spouse and others.
Hackers utilize Social Engineering many times because human weakness factor is so much easier to penetrate than the network weakness.
Hackers win mostly in battle because they are not limited by time or lack of motivation.

A True Story
“ One morning a few years back, a group of strangers walked into a large shipping firm and walked out with access to the firm’s entire corporate network. How did they do it? By obtaining small amounts of access, bit by bit, from a number of different employees in that firm. First, they did research about the company for two days before even attempting to set foot on the premises. For example, they learned key employees’ names by calling HR. Next, they pretended to lose their key to the front door, and a man let them in. Then they “lost” their identity badges when entering the third floor secured area, smiled, and a friendly employee opened the door for them.
The strangers knew the CFO was out of town, so they were able to enter his office and obtain financial data off his unlocked computer. They dug through the corporate trash, finding all kinds of useful documents. They asked a janitor for a garbage pail in which to place their contents and carried all of this data out of the building in their hands. The strangers had studied the CFO’s voice, so they were able to phone, pretending to be the CFO, in a rush, desperately in need of his network password. From there, they used regular technical hacking tools to gain super-user access into the system.
In this case, the strangers were network consultants performing a security audit for the CFO without any other employees’ knowledge. They were never given any privileged information from the CFO but were able to obtain all the access they wanted through social engineering. (This story was recounted by Kapil Raina, currently a security expert at Verisign and co-author of mCommerce Security: A Beginner’s Guide, based on an actual workplace experience with a previous employer.)

While reading about SE’ing i came across these sites.

google dork

may be same

Anti-Phishing Working Group Phishing Archive

FTC Consumer Alert: 12 Scams Most Likely To Arrive Via Bulk Email

FTC Consumer Alert: How Not to Get Hooked by a ‘Phishing’ Scam

Recognize and avoid fraudulent email to Microsoft customers

United States Secret Service Advance Fee Fraud Advisory

US-CERT Cyber Security Tip ST04-007: Reducing Spam

US-CERT Cyber Security Tip ST04-010: Using Caution with Email Attachments

US-CERT Technical Cyber Security Alert TA05-189A: Targeted Trojan Email Attacks


kevin mitnick

One of the most discussions about SE’ing is“Is Social Engineering legal?”Will have some basic details about this in the next blog.