What is Social Engineering? - Coinleaks

What is Social Engineering?

Social engineering is malicious activity by cybercriminals who aim to psychologically manipulate a targeted victim into giving them information and data.

In social engineering, the target is not the system itself but the real people who are authorized to log into it. Each system is prepared by a person, and only certain people are authorized to enter it. For this reason, even systems that seem impossible to overcome become easy to pass once the necessary materials are provided.

Social engineering is used in every area of life. However, although it may seem easy in reading and theory, being a real social engineer is very difficult and requires years of experience. A social engineer has to gather as much information as possible about the target audience, person, institution or firm. To reach the goal, the social engineer has to work through every step of the way, stitch by stitch. Social engineers have many information gathering methods and tools. The best known of these, a technology that almost everyone uses today, is the internet. An attacker who wants to reach the goal will collect as much information as possible over the internet.

Social engineering is just like producing a script. The scenario has only one purpose: to capture enough information to be able to log into the system. In social engineering attacks, people's weaknesses, fears and carelessness are often used as the biggest weapon. The attacker may reach you under a different identity to get the desired information, befriend you to gain your trust, or even date you.

Important information about institutions and individuals can also be obtained from documents that were thrown away without being destroyed and that still contain valid information. Such documents may be found in the garbage of institutions or individuals.

Possible consequences of a social engineering attack:

  • Your information may fall into the hands of others.
  • The reputation and public image of the institution or organization you are affiliated with may be damaged.
  • Hardware, software, data and corporate employees can be harmed.
  • Access to important data may be blocked, and monetary losses and loss of time may occur.

Social engineering techniques:

  • Shoulder Surfing
  • Dumpster Diving
  • Trojans
  • Role play
  • Phishing
  • Reverse Social Engineering

Social engineering penetration goals:

  • System Hijacking
  • Access to Critical Information
  • Accessing Target Systems
  • Obtaining Admin Rights
  • Persistence in the System
  • Security

Types of social engineering infiltration:

  • Physical Social Engineering
  • Social Engineering by Phone
  • Social Engineering via Mail

How Do We Protect Ourselves?

To protect yourself, the first thing you need to do is learn how to detect, block, and stop social engineering attacks. If you suspect that someone is trying to target you, never contact that person again. If they are contacting you by telephone, hang up. If you are in an online chat, terminate your connection. If it is an e-mail from a source you do not trust, do not download any attachments and delete the e-mail in question.

  • Do Not Share Your Personal/Private Information: The more information the attackers have about you, the easier it is to reach you and mislead you to get what they want. Not all information should be shared on the internet.
  • Do Not Share Your Passwords: No institution or organization will contact you to ask for your password. If someone is asking you for your password, it’s a social engineering attack.
  • Question the People Who Contacted You: You may get a call from your bank or from institutions such as your service provider. If you have any doubts about the caller, ask for the caller's name and a number where you can reach them, and find the phone number of the organization from a reliable source.
  • Beware of Unreliable Sources: When you want to download a file, download it from reliable sources and, if possible, from verified producers, and regularly scan your computer for viruses.