Sunday 30 August 2009

Social Engineering is the first step to hack.

What is social engineering?

According to me, social engineering is an art. It is not so easy to be a social engineer.
Let me explain what it is. It is a method used by hackers to gain access to a victim's network or system. It can be done even by your friend, your manager, or any stranger sitting next to you on a bus or train.
"The gathering of your personal details and of important details about your organization by a hacker is called social engineering".

There are two types of test to do this.

1) Active Test
2) Passive Test

Active test: Here the attacker contacts the victim directly, that is, by phone or in person.
The phone is a widely used method to grab your personal details. The attacker will randomly call a person and start asking a few questions. Let me give you an example conversation:

BOB: Hi there, we are calling from eBay.

ALICE: Hiya.

BOB: You got a product from XXX company and they have sent it to you, but we don't have your records in our database, so can you please take some time to answer a few questions?

ALICE: Why not, go ahead.

BOB: Thank you. These are for security purposes only. Can I have your full name and your address, please?

ALICE: My name is Alice Jon and my address is No 0 Belhill Avenue, Westminster, London WN77AA.

BOB: Thank you, I appreciate that. And can you tell me your date of birth, please?

ALICE: It's 26th Aug 1979.

BOB: That's fine. Do you hold an account with a bank that has an online transaction facility?

ALICE: Yes, but why do you need that information?

BOB: As you are registering with our company for the very first time, we give you a credit of $10, with which you can buy any product worth $10 in the next 3 weeks.

ALICE: Oh, that's great.... (She gives her bank account number and other details regarding her bank.)

That's it: now Bob has got almost all her personal details.
Next time, Bob will call Alice as if he is calling from her bank, whose details she gave before.


BOB: Hi, we are calling from XXX bank. We have a security issue with your account. Someone tried to access your account wrongly more than 3 times and the account has been blocked now. If you want to activate your online banking you need to reset your password and PIN, which we can do for you free now.
First we need to confirm a few things with you. Is your address ................... (which he got from the previous call) and your account number XXXXXXXXXXX?

ALICE: Yes, that is correct.

Now Alice will start to believe the guy, since he told her her address and account number exactly.

BOB: Now you need to confirm your PIN details and security code for online banking.

ALICE: It is..... bla bla bla ... (She gives out the details.)

Now it's over. She has been compromised just by being asked a few questions. Now Bob can log in to Alice's online banking page.

This is also done by recorded voice call, where you can't ask any questions.
It asks you directly for your bank details. A few people trust a machine more than a human, so they give out their details, and the call is recorded.




Passive test: Here the information is gathered through internet search engines. When it comes to networking, your network information is floating around on the internet, and a good search string will return plenty of results. You can also perform more advanced queries that are more specific to your network and hosts. I don't want to give the query list, for security reasons. There is also other software that gathers information about your domain, and there are tools that run an automatic Google query test, which checks the address with more than 1000 query strings.

So, people, be careful when you speak with a stranger or even with your friends. Most of your so-called friends will know your personal details, such as your favourite colour, your school name, street name, mother's name and, of course, your birthday, mobile number and many more. So please avoid using these details as the password for your mail account, your laptop or PC, or your banking. The security question will be one of those above, so be careful when you are on the internet.
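
The advice above, turned into a check that a sign-up or password-change form could run: this is an added example, not code from the original post, that flags a candidate password containing details from the user's own profile. The profile fields, the function names and every sample value other than the post's fictional Alice are assumptions.

```python
import re
from datetime import date

# Leetspeak substitutions undone before matching; "1" is ambiguous (i or l),
# so both readings are tried.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
         "@": "a", "$": "s", "!": "i"}
LEET_TABLES = [str.maketrans({**_BASE, "1": r}) for r in ("i", "l")]

# Constructed sample profile: name, address and birthday are the post's
# fictional Alice; colour, school and mobile number are made up here.
SAMPLE_PROFILE = {
    "name": "Alice Jon",
    "date_of_birth": date(1979, 8, 26),
    "street": "Belhill Avenue",
    "favourite_colour": "green",
    "school": "Hilltop Primary",
    "mobile": "07700 900123",
}

def date_tokens(d):
    """Digit strings people commonly build from a date of birth."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {yyyy, dd + mm, mm + dd, dd + mm + yy,
            dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd}

def personal_tokens(profile, min_len=4):
    """Return (token, field) pairs; tokens shorter than min_len are skipped
    because they would match too many unrelated passwords."""
    pairs = set()
    for field, value in profile.items():
        if isinstance(value, date):
            words = date_tokens(value)
        else:
            words = re.findall(r"[a-z0-9]+", str(value).lower())
        pairs.update((w, field) for w in words if len(w) >= min_len)
    return pairs

def find_personal_info(password, profile):
    """Return the sorted profile fields whose data appears in the password,
    checking the password as typed and with leetspeak undone."""
    raw = password.lower()
    forms = {raw} | {raw.translate(t) for t in LEET_TABLES}
    forms = {re.sub(r"[^a-z0-9]", "", f) for f in forms}
    return sorted({field for token, field in personal_tokens(profile)
                   if any(token in f for f in forms)})

if __name__ == "__main__":
    for candidate in ("Al1c3_1979!", "belhill2608", "correct-horse-battery-staple"):
        print(candidate, "->", find_personal_info(candidate, SAMPLE_PROFILE))
```

A non-empty result means the password should be rejected, and the same check applies to answers chosen for security questions.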

1 comment:

  1. Good posting, and at the same time I want to add here that this adds another danger to the life of netizens. It is called cyber stalking and this is very dangerous; for knowing details about it please follow www.urproblemmysolution.blogspot.com. Recently I investigated a case where the miscreant posted the details of an Indian housewife on a sex site with her phone number, and her life was becoming hell, but when she lodged a complaint before us we managed to track him. I am discussing here how we did but we did and that man could not think that he might be caught.
    So these postings will also make people aware of all these things.
    Thanks
