Be careful from that person who emotionally trying to get your confidential information such as Bank account detail or your email details. That person can sell your data to others or personally make a profit from it. The whole process is known as Social Engineering.
In the context of computer security, Social Engineering is an art of maneuvering victims so that Social Engineers can acquire confidential information from them. White Hat hackers and Black Hat hackers both uses Social Engineering tactics to get information from the victim. It is one of the cyber attacks used by hackers that do not require any technical skill. Hackers who have good communication skills can become a Social Engineer becoming a part of the Social Engineering or Hacking Community.
Let's know some of the tactics used by Social Engineer's:
1. Pretexting:
"Pretexting" is one of the old tactics used by Social Engineers, in which they engage the victim and acquire confidential data/information.
2. Phishing Emails:
"Phishing E-mails" is one of the generic tactics used by the Social Engineers. In this technique, they send an email that contain malicious link or script. When user opens the email or click the link provided in the mail, malware is automatically download into the victim system. Malware like Trojan easily access any information from the victim system and sends it to the attacker's machine. In some cases, malicious links redirect to the fake website whose UI is similar to the victim company sites or E-mail provider site and then ask him to enter their confidential information.
3. Physical Penetration Testing (On-site):
In "Physical Penetration Testing" Social Engineers visit the target victim company and poses as an authorized personal. Social Engineers get access the system of the company and steal their confidential information either for their's personal gain or sell the information to the competitor of a victim company.
Relationship between Social media and Social Engineering:
Social networking sites are also targeted by the Social Engineers. They get the information of social networking site users and make a fake profile posing like a legitimate user of that social network. By using the fake profile on the social media, Social Engineer target the friends of the legitimate users by getting theirs confidential information for malicious intention.
At last, we can say that Social Engineers can be either a technical person or non-technical persons. For preventing Social Engineering attacks, we need to pay subtle attention to people around us.
image courtesy:quantummediocrity.wordpress.com