At Ascend Technologies we spend a lot of time breaking into our clients’ networks as part of our Penetration Testing services. A major component of our methodology involves social engineering.
We're breaking down what social engineering is and discussing the most common types of tactics hackers use today to break into your network. This is one you don’t want to miss!
Social engineering, in terms of security, refers to the art of manipulating people to take an action or divulge confidential information.
Some of the more notable social engineers in history include Victor Lustig — the man who "sold" the Eiffel Tower, Frank Abagnale — the inspiration behind the movie and musical "Catch Me If You Can", and Kevin Mitnick — the notorious hacker who was responsible for multiple hacking-related events with the FBI.
Common Social Engineering Attacks
Let's look at some of the more common social engineering attacks that you're facing, even today.
Phishing — This is essentially casting a large net: think of somebody on a boat trying to catch as many fish as they can. These emails are very generic, typically fraudulent bank emails or messages impersonating a large brand. Since they target a wide variety of people, the success rate is actually quite low. Spam filters catch these fairly easily, as do many users.
Spear Phishing — This is a lot more targeted: phishing, but with research behind it. Typically in these types of attacks, the attacker will research a couple of people within the environment(s) and mimic emails that key individuals are likely to fall for. These attacks have a much larger success rate, around 50-80% in most cases.
Vishing — People are less familiar with this term, but many have experienced this type of attack before. This is where an attacker sets up a rogue IVR (interactive voice response) system that mimics a system like your bank's to harvest usernames, passwords, and personal information.