This blog will introduce one of the most essential skills that every ethical hacker and cybersecurity enthusiast uses, i.e., social engineering.
Social engineering is also known as social hacking or human hacking. It is hacking without code. Yes, you read that right: this skill doesn't involve coding directly, but it is used together with other skills that can involve coding. Also, this skill doesn't require any prior knowledge of anything.
So now many of you may be thinking, WTF is this social engineering?
Social engineering is a kind of manipulation technique in which, instead of exploiting a website, an app, or code, we exploit the human mind to gain valuable information, assets, or anything else. What a person wants to achieve with social engineering depends entirely on that person.
Now, let's understand this with an example.
Example 1: Let us assume a situation. Yesterday your college result was announced, and you don't want to tell your friends your marks. So what can they do? Nothing, since they need your college registration number and your date of birth to check your marks on the college website's result portal.
But a hacker's mindset is different from others'. One of your friends knows about social engineering, so what does he do?
He calls your father and describes an imaginary situation: your phone is switched off due to a low battery or some other issue, you need to fill in a form for some college paperwork, and for that you need access to your application form to look up a few details such as registration number, application number, date of birth, etc. Since he is a good friend of yours and your father knows him, your father sends him your application form, which he had downloaded when you applied for college admission. Now your friend has all the required info, plus some extra information, with which he can easily view your result. This is an example of a simple social engineering attack.
Now let's take another example, but this time we will see the bad side of social engineering attacks.
Example 2: Let us assume you are searching for a job and applying on job posting sites for jobs that interest you. Here, the attacker is a scammer whose only intention is to take people's money. He created a fake job posting on LinkedIn, and you unknowingly applied to it, since you did not notice that it is a fake job posting. Now the attacker has your resume, which contains a lot of info about you, including your name, email, and phone number. Next he uses his fake mail template, which states that you won a $100 Amazon cash voucher and contains a link whose visible text starts with amazon.com. But since it's a mail template, the attacker has embedded a link to his own fake website, which looks similar to Amazon's login page. You click on the link and try to log in on that portal, but it shows that the server is under maintenance. Since the attacker now has your Amazon login credentials, he logs into your account and purchases a voucher or shops online for some virtual product, since Amazon doesn't ask for any OTP if you are paying via Amazon Pay balance. You receive a message from Amazon that your purchase of blah blah product is successful. You are in shock and the attacker is in full-party mode.
Now, let's understand what exactly happened.
The attacker used a fake job posting to gather data about you, then used social engineering and phishing techniques, together with your information, to convince you that you had won a $100 voucher, and finally he exploited the vulnerability in Amazon that it doesn't ask for an OTP or anything else while paying with Amazon Pay balance.
These two are just easy examples of social engineering. There are a number of situations where it is used to achieve a variety of objectives.
Now, let’s understand how you can learn this skill.
I say this is just a kind of game that depends entirely on your mind's creativity and how far out of the box your mind thinks. You can learn a few techniques by reading blogs, books, writeups, and case studies, but the skill is inborn. You have to train your mind to build a mindset like that. Below I have mentioned some of the best resources, which will help you learn social engineering techniques and develop a mindset with which you can create your own techniques.
Books and Online Courses -
https://github.com/v2-dev/awesome-social-engineering
This is the bible for learning social engineering; it contains everything you need for learning. If you need some more guidance, then feel free to contact me on any of the social media platforms.
In the next part, we will learn about some cool social engineering attacks with examples. Until then, follow me and check out my other blogs.
You can follow me to read my writeups on topics related to ethical hacking and cybersecurity, plus a few topics on technology, and to learn the tips and tricks I use to save time and get better results.
https://linktr.ee/dheerajydv19