Brief Intro to Social Engineering

Human hacking is also known as social engineering. It is the art of extracting information from people, either by email or by call spoofing, while pretending to be someone else.

For example, an attacker might pretend to be the IT guy, ask whether all the services are running fine, and then convince the employee to install an "update patch" that is really some sort of malware. Phishing, a type of social engineering attack, is a very common and efficient way of extracting information from a user, which then aids the attack.

The methodology of social engineering can be boiled down to four types:

1. Baiting
This technique uses an individual's own traits against them, leading them to give out important information or to infect their system with malware.

2. Pretexting
This method builds a well-crafted, believable scenario and uses it to strategically extract information from the user.

3. Phishing
Phishing targets a user with a specially crafted email, or a website whose URL resembles a legitimate one, and tries to obtain sensitive information. Sometimes it also attempts to convince the victim to install malware on their system to carry the attack further.

4. Scareware
As the name suggests, it is used to scare the end user. It creates the illusion that the user's system is under attack and, in response, gets them to install malware on their computer.
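
The "similar URL" described under Phishing is something a mail gateway or web proxy can check for. The following is an added example, not part of the original article: it compares the hostname of a link against an allowlist and flags near-matches for review. The allowlist, the confusable-character map and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption); load your organisation's real domains instead.
TRUSTED = ("example.com", "example-bank.com")

# Constructed, deliberately small map of characters often swapped in lookalike hosts.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def skeleton(host):
    """Fold visually confusable characters and pairs to one canonical form."""
    return host.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a link."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    host = host.rstrip(".")
    for t in TRUSTED:
        if host == t or host.endswith("." + t):
            return "trusted"
    for t in TRUSTED:
        if (t + ".") in host:  # trusted name used as leading labels of another domain
            return "lookalike"
        if edit_distance(skeleton(host), skeleton(t)) <= 1:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for link in ("https://example.com/reset", "https://examp1e.com/login",
                 "https://example.com.account-verify.test/", "https://unrelated.org/"):
        print(f"{classify(link):10} {link}")
```

A "lookalike" verdict is a signal to hold or rewrite the link for review, not proof of phishing; the distance threshold of 1 is a starting point to tune against your own mail flow.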

