Understanding Human-Based Social Engineering


In my previous article, I talked about social engineering and some of the reasons why you need to keep your personal data and identity secure. In this article, I want to discuss some of the facts that you need to know about human-based social engineering. Follow along as we look at this together.

 

 

Social engineering is the art of convincing people to reveal confidential information. It is a trick used to gain sensitive information by exploiting basic human nature. The aim is to gather sensitive information such as credit card details, social security numbers, passwords and other personal information.

Some examples…

“Hi, we are from CONESCO Software. We are hiring a new software development team. We got your contact from a popular job portal. Please provide details of your job profile, current project information, social security number and your residential address.”

 

Another one…

“Hi, I am Mike calling from CITI Bank. Due to threat perception, we are updating our core systems with new security features. Can you provide your personal details to verify that you are Stella?”

And another one…

“Hi. I am John Brown. I am with the external auditor Mr Sandrex. We have been told by Corporate to do a surprise inspection of your disaster recovery procedures. You have 10 minutes to show me how you would recover from a website crash.”

There are two types of social engineering:

  • Human-based social engineering
  • Computer-based social engineering

 

Human-Based Social Engineering

#1 Eavesdropping

Eavesdropping is unauthorised listening to conversations or reading of messages. It is the interception of any form of communication, whether audio, video, or written.

#2 Shoulder Surfing 

Shoulder surfing is a technique in which the attacker looks over the user’s shoulder to gain critical information such as passwords, personal identification numbers, account numbers and credit card information.
An attacker may also watch the user from a distance using binoculars in order to get the information.

#3 Dumpster Diving

Dumpster diving means searching for sensitive information in the target company’s trash bins, printer trash bins, or on users’ desks (for example, sticky notes).
It involves the collection of phone bills, contact information, financial information and operations-related information, among others.

Computer-Based Social Engineering

Here are some of the instances of computer-based social engineering…

#1 Pop Up Windows 

These are windows that suddenly pop up while the user is surfing the internet and ask for the user’s information to log in or sign in.

#2 Hoax letters

Hoax letters are emails that issue warnings to the users on new viruses, Trojans, or worms that may harm users’ systems.

#3 Chain letters 

Chain letters are emails that offer free gifts such as money and software on the condition that the user forwards the mail to a stated number of people.

#4 Instant Messaging

This involves gathering personal information by chatting with a selected online user to get information such as birth names and maiden names.

#5 Spam Email

Spam is irrelevant, unwanted, and unsolicited email sent to collect financial information, social security numbers, and network information.


#6 Phishing

Phishing is an illegitimate email that falsely claims to be from a legitimate site and attempts to acquire the user’s personal or account information.
Phishing emails or pop-ups redirect users to fake websites that mimic trustworthy sites and ask them to submit their personal information.

#7 Phony Security Alerts

Phony security alerts are emails or pop-up windows that seem to come from reputable hardware or software manufacturers such as Microsoft and Dell, among others.
They warn the user that the system is infected and provide an attachment or a link that is supposed to patch the system. Scammers suggest that the user download and install those patches. The trap is that the file contains malicious programs that may infect the user’s system.

#8 Social Networking sites

Computer-based social engineering is carried out through social networking sites such as Orkut, Facebook, Myspace, LinkedIn, and Twitter among others. Attackers use social networking sites to exploit a user’s personal information. 

Action Point

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

 


Adeniyi Salau is a highly dedicated and committed Blogger of repute. He likes sharing his IT knowledge with others. My desire is to impact as many lives as possible with my IT skills. You can download my mobile APP. Download the ICTLOAD APP on Google Playstore. Thanks.
