
Social Engineering

Social engineering tricks users into giving away sensitive information through psychological manipulation. It relies on human interaction rather than technical attacks. Common social engineering techniques include phishing emails and dumpster diving. Tools like Maltego and the Social Engineering Toolkit can help simulate attacks to test security awareness. Organizations can protect themselves by training staff, updating software, and imposing proper credential management.

Uploaded by

jpaul42391
Copyright
© All Rights Reserved

SOCIAL ENGINEERING

It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. The term is used for a broad range of malicious activities accomplished through human interactions.

HOW SOCIAL ENGINEERING WORKS

Most social engineering attacks rely on actual communication between attackers and
victims. The attacker tends to motivate the user into compromising themselves, rather
than using brute force methods to breach your data. The attack cycle gives these
criminals a reliable process for deceiving you.
STEPS FOR A SOCIAL ENGINEERING ATTACK

Investigation - is when an attacker performs their reconnaissance. They might choose their targets based on position within an organization, ease of access, or they might choose a wide range of targets just to see what sticks.

Hook - involves the initial interaction with the target, ranging from email to in-person contact. During the hook, the attacker's focus is on spinning a web of lies to manipulate victims at their will.

Play - gains a stronger foothold and carries out the attack. Depending on their goals, they will begin disrupting or stealing sensitive and valuable data.

Exit - points to the end of the lifecycle. The social engineer will attempt to remove all traces of their presence and bring an end to their charade.

Types of social engineering attacks

Phishing - This is a fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Dumpster diving - searching an individual's or organization's trash for useful information such as bank receipts, notes with passwords and private information.

Baiting - This is a type of social engineering attack that involves enticing a user to engage with some type of media. These attacks come in two forms, digital and physical.

Scareware - Involves victims being bombarded with false alarms and fictitious threats. Users are deceived into thinking their system is infected with malware, prompting them to install software that has no real benefit (other than for the perpetrator) or is malware itself. Scareware is also referred to as deception software, rogue scanner software and fraudware.

SOFTWARE SOCIAL ENGINEERING TOOLS

1. Maltego

Maltego is an open-source intelligence investigation tool that displays how various bits of information are connected. We can use Maltego to find connections between people and several information assets, including email addresses, screen names, social profiles, and other information that connects a person to a service or organization.

This information can be used to simulate a social engineering attack in order to help us evaluate our employees' security awareness.

2. Social Engineering Toolkit (SET)

The Social Engineering Toolkit is an open-source, Python-driven toolkit for social engineering penetration testing. SET offers several custom attack vectors that allow us to quickly set up a reliable attack.

3. Wifiphisher

This is a one-of-a-kind social engineering tool that automates phishing attacks on Wi-Fi networks in order to obtain the WPA/WPA2 passwords of a target user base. The tool can select any nearby Wi-Fi access point, de-authenticate all users, and create a cloned access point that does not need a password to join.

4. Metasploit

Metasploit Framework is a penetration testing tool that can help you identify, exploit and validate vulnerabilities. It delivers the content, tools and infrastructure to conduct extensive security auditing along with penetration testing.

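The cloned access point described under Wifiphisher leaves a recognisable pattern for defenders: a managed SSID advertised by an unknown radio, usually with weaker security, while the real access points receive a burst of deauthentication frames. The following detection sketch is an added example, not part of the original slides; the inventory, threshold, and scan data are constructed assumptions.

```python
from collections import Counter

# Assumption: inventory of the organization's own access points (constructed values).
MANAGED = {
    "CorpWiFi": {"security": "WPA2",
                 "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}},
}
DEAUTH_THRESHOLD = 20  # assumed: deauth frames per scan window that count as a burst

def find_rogue_aps(scan, deauth_frames):
    """scan: list of (ssid, bssid, security) tuples from a wireless survey.
    deauth_frames: list of BSSIDs named in deauthentication frames seen in the same window."""
    deauths = Counter(b.lower() for b in deauth_frames)
    alerts = []
    for ssid, bssid, security in scan:
        policy = MANAGED.get(ssid)
        if policy is None or bssid.lower() in policy["bssids"]:
            continue  # not one of our SSIDs, or one of our own radios
        reasons = ["unknown BSSID advertising a managed SSID"]
        if security != policy["security"]:
            reasons.append(f"security is {security}, expected {policy['security']}")
        # A deauth burst against the real APs suggests clients are being pushed to the clone.
        if any(deauths[b] >= DEAUTH_THRESHOLD for b in policy["bssids"]):
            reasons.append("deauthentication burst against legitimate APs")
        alerts.append({"ssid": ssid, "bssid": bssid.lower(), "reasons": reasons})
    return alerts

# Constructed survey data: one real AP, one open clone, one unrelated network.
SCAN = [
    ("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2"),
    ("CorpWiFi", "de:ad:be:ef:00:99", "OPEN"),
    ("CoffeeShop", "11:22:33:44:55:66", "OPEN"),
]
DEAUTHS = ["aa:bb:cc:00:00:01"] * 35

if __name__ == "__main__":
    for alert in find_rogue_aps(SCAN, DEAUTHS):
        print(alert["ssid"], alert["bssid"], "; ".join(alert["reasons"]))
```
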
EFFECTS OF SOFTWARE SOCIAL ENGINEERING TOOLS IN A BUSINESS

Financial losses

Disruption of business activities

Hit by ransomware

Damaged reputation

Loss of productivity since all operations stop running normally (Disruption)

Decreased employee morale


WAYS TO PROTECT YOUR ORGANIZATION FROM SOCIAL ENGINEERING ATTACKS

Train staff to be alert and cautious

Have a structured program for regular software updates

Impose proper credential tracking

Roll out sensible restrictions

Train staff to verify all requests

Hold every department accountable for security

Implement backups with best practices

Increase physical security

Take advantage of resources (i.e. company's firewall filters)

Effects of social engineering tools on an individual

1. Invasion of privacy
2. Data is compromised
3. Loss of Funds

Ways to protect yourself from Social engineering attacks

1. Be alert and cautious of the information you give to people
2. Proper disposal of confidential documents
3. Ignore any request for personal information or passwords sent to your email.
4. Reject request for help or offers for help.
5. Set your spam filters to high
