Social Engineering Prevention

Social engineering is the most dangerous mode of attack used by hackers these days. Reason? A human being has much more potential vulnerabilities compared to the computer system itself. In other words, human beings are easier to fool. Social engineering is the art of fooling the user into divulging confidential or personal information of various organizations that may be used for fraudulent purposes.

  • Some of the famous attacks I used as a hacker before my arrest was to keep an infected USB with a backdoor in my pocket. When I got myself into any office I think I might be interested to gather info on, I would drop the thumb drive behind, chances are someone would plug it in and voila, I’m in.
  • Another method is to manipulate the user through the telephone by pretending to be someone you are not to receive information that’s not meant for you. The master of this is Mr Kevin Mitnick.

Example:

  • Hacker with the knowledge of the IT department’s staff’s name, would make an anonymous random call to the finance department pretending to be him.
  • Hacker would then ask if there is any system down. 85% there usually would be,
  • Hacker will then pretend to send a patch that is actually a backdoor, voila! Otherwise, just a call wasted.
  • Spear phishing methods such as sending malicious emails or links.

Example:

  • Hacker would harvest the entire companies email addresses.
  • He would then remove the CEO (if he plans to pretend to be the CEO).
  • He would also remove the IT department as they will notice the malicious mail.
  • The hacker will then create an undetectable backdoor in the form of .pdf or any format.
  • He will then clone the CEO’s email.  Send an email to all the remaining staffs.
  • The email would say “The retrenchment file for 2018 is attached, get back to me by day end if you have any queries.”

 

This email can even be calculated to be sent at the right hour, usually the hour after lunch as your attention span is at its least sharp or an hour before you head home.

Thus taking advantage of human vulnerability and weakness has become a favourite mode of attack for hackers. Most large organization who were hacked previously faced such attacks.

Educating your staff on social engineering methods is mandatory and the only prevention.

Do contact us using the form below for a quotation.