Tactics of a Social Engineer

http://www.informit.com/articles/article.aspx?p=1350956

Lately in class, we have been talking about social engineering tactics. The article I posted above discusses some of the same techniques we talked about, coupled with a few new tactics we didn’t go over. The site describes the 10 most common/popular tactics social engineers are deploying today. Some of the basic tactics discussed are:

Reverse social engineering – Involves three main steps: sabotaging, advertising, and assisting. The social engineer will contact their target by email or other means and inform them that they have a problem within their network security (sabotaging). They will then pose as a security professional and offer their assistance (advertising). Finally, the sometimes desperate or ill-informed victims will gladly allow the social engineer access to any information he or she may “require” (assisting).

Vishing – This is a technique we didn’t discuss in class, but it is similar to phishing. It involves using automated phone messages to attempt to steal users’ credit card or bank information. Much like phishing, the social engineer will have an automated message which calls a bunch of different numbers, posing as a bank or credit card company. Commonly, the message would say that the user’s account had been compromised and for the user to call a separate number so they can resolve the problem. After calling, the user would be prompted to enter card and PIN numbers, or any information the social engineer wants. Messages are sent out en masse with these types of techniques. So you might say, “no one would ever fall for it,” but even if the social engineer only gets a handful it’s still a win; the message itself costs the engineer next to nothing to send.

“Getting smashed” – Lastly, getting your target drunk at a bar was the top tactic posted in this article. I thought this was an interesting one because I had never really heard of it used. The engineer could use social networking sites to find out where his target would be. He then would arrive at the bar early to plan out his attack. People are a lot more willing to give up valuable information if they are drunk. And social engineers know how to appear as your friend in order to take advantage of you.
