Social Engineering – An important Technique for Hacking
Social Engineering is the act of manipulating a person to accomplish goals that may or may not be in the “target’s” best interest. This may include obtaining information, gaining access, or getting the target to take certain action. Social engineering is generally a hacker’s clever manipulation of the natural human tendency to trust. The hacker’s goal is to obtain information that will allow him/ her to gain unauthorized access to a valued system and the information that resides on that system.
Security is all about trust. The weakest link in the security chain is, the natural human willingness to accept someone at his or her word leaves many of us vulnerable to attack. The Internet is a fertile ground for all social engineers looking to harvest passwords. The primary weakness is that many users often repeat the use of one simple password on every account like Yahoo, Gmail, rediff, Facebook, and even for their corporate Ids.
So once the hacker has got one password, he or she can probably get into multiple accounts. One way through which hackers have been known to obtain this kind of password is through an on-line form which they can send and ask the user to put in their User name, password & other important details. These forms can be sent through E-mail and seems to be the legitimate from the genuine source
Every time you try to get someone to do something in your interest, you are engaging in social engineering. From children trying to get a toy from their parents to adults trying to land a job or score the big promotion, all of it is a form of social engineering in a way. Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves deceiving other people to break normal security procedures. A person using social engineering to break into a computer network would try to gain the confidence of someone who is authorized to access the network in order to get them to reveal information that compromises the network's security. They might call the authorized employee with some kind of urgent problem; social engineers often rely on the natural helpfulness of people as well as on their weaknesses.
Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed. Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat, to any security system.