Social engineering | The art of human penetration



Why should we assume that hacking is very difficult and can only be carried out by experts in penetration testing or information security, when there is a concept that shortcuts all of this, called social engineering?

Why not focus on the easiest point in the information security chain, human beings? And why are humans the easiest?

The answer is simply that there are no security patches for the human mind, while every day we find hundreds of patches for many programs on computers, mobile phones, and other devices.

Imagine you wanted to penetrate someone's device. Suppose you were able to get their password, but it is encrypted! Of course, you can try to recover the password using modern password-cracking hardware, but if the password is strong this may take hundreds of years, even using giant, powerful machines.


But let's go to the weakest link in the chain, humans, and do some research on this person, or socially engineer him: it is very possible to get the password after several hours, if not several minutes!

Many people choose passwords that are very easy to remember and also use the same password for all their accounts. If the hacker learns the password for one of the accounts, he will certainly know the passwords for all the others. This includes people who use their mobile phone numbers or the names of their children or relatives as passwords.

Even if this person is smart in choosing the password, he may still be exposed through account recovery questions, such as the first school he attended or his favorite meal, and it takes only one question to that person to extract the answer.





What is social engineering?

Social engineering can be defined as follows: it is the art of penetrating humans, manipulating them and extracting information from them in indirect ways, for a goal that can be material or moral.

Who is a social engineer?

A social engineer is a person with a deep background in many areas, the most important of which are the technical fields, who is capable of penetrating humans by several methods, the most important of which are fabricating stories and exploiting the good faith of victims in order to carry out attacks. Sometimes the attacks are simple and sometimes complicated, so the social engineer uses several ways to reach his goals.

One of the most important of these is the telephone call, in which he presents himself as someone who wants to help people or asks them for help, and they fall into the social engineer's trap.

Social engineers also have other ways, such as using e-mails to convince employees of their target to open malicious links or files in order to harm the institution; this is one of the well-known methods they always use.

Who are the targets of social engineering and why are we victims of such attacks?

Anyone can be a victim of such attacks. All of us actually hold important data. This data can be valuable to the hacker: images for extortion, information about the organization the victim works for, or any other information of value, even if it seems simple.

This is one reason why we are victims of such attacks; the following are some further reasons that may make us victims:

  • As human beings, we are naturally cooperative and love to help others, so social engineers are good at getting people to help them. Often, this help takes the form of sensitive information, which the social engineer collects to form a big picture of the target he wants to penetrate.

  • People's ignorance of social engineering attacks makes them more vulnerable to them, and there are no training sessions to make them immune to these attacks, which are exceptionally serious. These attacks can also reach people easily: an attacker can meet people at work, at places of study and elsewhere, start tracking them, create a friendship at first, and then socially engineer that person in order to access important information.

  • Weak policies in institutions and companies: they do not provide the necessary training for staff to prevent these attacks, and they do not work to segment information, limit where it is kept, and ration it out to employees. Not all information is relevant to all employees, and each group should have access only to the information that concerns it, so that taking one part of the information cannot form a general picture of everything.