What is Social Engineering?

Last updated: June 8, 2024

Social engineering is a clever method of obtaining confidential information directly from people without them realizing it. Instead of relying on software, this technique skillfully exploits the trust of individuals.

First, the hacker gains the trust of his target in order to extract valuable information, often relating to computer systems. This practice targets human and social vulnerabilities that are directly linked to the computer system in question.

For example, the most common technique is to show up at a company armed with a fictitious "mission order", supposedly to update the antivirus on the assistant's computer. The real objective is quite different: to install a keylogger that collects every password entered.

It is important to emphasize that social engineering is not new. Notorious figures like Kevin Mitnick or Frank Abagnale have made history with their exploits. According to Kevin Mitnick, it was easier to exploit human nature than to find flaws in software.

So without further ado, let’s take a closer look at the various social engineering techniques used by hackers.

Social engineering by telephone

On the phone, it is easy to be fooled by an individual. The hacker's goal is to obtain information as quickly as possible.

A good hacker will have prepared his character and his speech. With a few well-placed sentences and the right tone, it will be fairly easy for him to extract confidential information.

Some hackers use techniques to improve their credibility, such as playing a previously recorded tape of office noises on a tape recorder, or even using a free voice modifier to imitate the voice of a secretary.

A social engineering test

A test carried out at the Defcon conference assessed the risk of company employees disclosing secret information.

135 employees from 17 large companies, including Coca-Cola, Ford, Pepsi, Cisco and Wal-Mart, were tested as part of this hacking contest.

The results are shocking, since 96% of them, contacted by telephone, disclosed information considered “sensitive”.

Social engineering via the internet

Social engineering over the internet is similar to social engineering over the phone. It can be done by email or through falsified websites (phishing).

Often these attacks start with a hacker sending an email while pretending to be someone or something you know or trust, such as a friend or your favorite bank.

These emails prompt you to perform an action such as clicking a link, opening an attachment, or replying to a message. The hackers craft these emails so that they are very convincing, sending them to millions of people around the world.

Hackers do not have a specific target in mind, nor do they know exactly who will be the victim. They just know that the more emails they send, the more people there will be who can be deceived.

Social engineering by direct contact

Even if a hacker can do a lot by phone or via the internet, it is sometimes necessary to go on site. There, he will be able to study the inventory, take a password written on a piece of paper or install malware on the victim's computer.

The hacker must be well equipped so that the target does not report anything. Appearance matters a lot: suit, tie, very well dressed, very clean, briefcase, filled diary, various documents, business card, badge... He will need a confident attitude, with a straight gaze and his head held high.

If the hacker takes such risks, it is because he is determined to obtain the desired information. He will therefore be very persuasive.