
Hack Facebook using social engineering



Every big company invests a hell of a lot of money in security. But they forget the biggest vulnerability: people. No matter how dependable security systems might be, people with authorized access to those systems will always be a vulnerability. That’s why criminals have begun employing a series of tactics called “social engineering” to convince people to give them access, something that costs companies billions each year.



What is social engineering?

Social engineering is the use of psychological techniques, rather than technical hacking or brute-force methods, to gain access to information, physical places, systems, data, property or money. To perform social engineering, a hacker relies on tactics that exploit psychological weaknesses and blind spots so that employees willingly give hackers what they want, like third-party access.

These attacks can occur in a number of different forms, including a well-crafted spear-phishing campaign in Kali Linux, a plausible-sounding phone call from a criminal posing as a vendor (caller ID spoofing), or even an on-site visit from a “fire inspector” who demands access to the company’s server room.

Psychological Weaknesses
There are a number of different types of attacks, but social engineers almost always prey upon the following psychological weaknesses in order to get what they want:

    Getting a deal. Confidence artists have always relied upon the greed of their victims; social engineers exploit a similar principle. These criminals have often been known to use gifts and giveaways to get victims to let down their guard. Sometimes, the giveaway itself will be used to mask a piece of malicious code that the unsuspecting victim then loads onto his or her computer.
    Sometimes, social engineers employ a softer tactic, using charisma and humor to gain sympathy or to ingratiate themselves with an individual or group. By establishing rapport and breeding positive feelings, they leave victims too distracted to realize that they’re being scammed.
    Need for closure. The need for closure is a well-documented psychological need, and one which social engineers exploit. In the event that they are ever questioned or confronted, social engineers who’ve done their homework will have an answer to any challenge or question likely to come their way. In most cases, any answer, even if it’s undocumented, unsubstantiated or blatantly untrue, offers people psychological closure, giving them the sense that they’ve done their due diligence.
    Fear of conflict. People dislike conflict and confrontation and will use almost any excuse to avoid them. Social engineers exploit this by exuding confidence when they ask for information or physical access that they have no right to. In the series Mr. Robot, Elliot uses the same techniques to gain information from his victim, like his favorite book, his pet name, etc. When social engineers display confidence, most people prefer to comply with requests rather than challenge them.



How to hack Facebook using social engineering?

There are several methods to hack a Facebook account, and social engineering is one of them. It is a very interesting method and it does not even require ordinary hacking skills! The only thing that you need to perform a social engineering attack is a BRAIN. If simple techniques don’t work, then you may use the little ready-made tools available on the internet for caller ID spoofing, email spoofing and SMS spoofing. This Social Engineering works the best if you

So, in social engineering, which is the easiest way to hack Facebook, we need to manipulate our target and get the required information (not necessarily the password!). How? Let me explain-

Step 1-

Gather some important information about your target, like the email ID, mobile number or Facebook ID which he/she uses to log in. You can easily get them by checking his/her profile.

Step 2-

Now, open https://www.facebook.com in your browser. If any account is open in your browser, then simply click the Log off button. Now, you will come to the Facebook Log in page. Here, click on the option “Forgot your Password?”


Step 3-

You will be redirected to a new page asking you to enter the details of the account which you want to recover. Input the email ID, mobile number or Facebook ID of your target which you gathered in Step 1 and proceed to the next step.

Step 4-

In the newly opened window, your target’s account will now be displayed, along with some recovery options. But you need to click on the option “No longer have access to these?”

Step 5-

Now, you will be asked to input a new email ID or phone number to recover the account. I suggest you enter a new and unused email ID. Here is a little suggestion about the email ID to put in. Don’t use your name or something relating to you in the email ID. If you are not able to hack the victim’s account, then an email will be sent to him saying that this email ID tried to hack his account. So better make a new ID which does not contain information about you. After that, proceed to the next step.

Step 6-

On the page that opens, a security question will be asked. I suggest you note down the question on paper. If you already know the answer to the security question, then you are done. But if you do not know the answer, then our work (social engineering) starts here.

Now, we shall use social engineering to get the answer to the security question from our target. Suppose the security question is “What is the last name of your primary school teacher?”; then I shall show you how to manipulate the target and get the answer.

Conversation between Target and You-
You- Hello buddy, how are you?

Target- Fine and what’s about you?

You- I too am good. So, what’s going on there?

Target- Nothing much, just spending time on Facebook and Internet.

You- Yah, I too. Hey, don’t you think our childhood days were awesome?

Target- Yup. Those days were amazing. I really miss them.

You- And, what about your school days? I mean all the fun with mates, prank with friends and also scolding by teachers!!!

Target- Yes, I too had enjoyed it a lot and I had been also scolded by teachers.

You- So, what do you feel about all those primary school teachers?

Target- Ah! They were almost good. I can remember some of them- Sir and Madam. They were nice. They even did not beat me when I had not completed my homework!

You- Now, if you don’t mind, Could I know the name of those kind-hearted teachers?

Target- Sure, Why not- A.K. Sharma, B.R. Prasad, Miss Geeta Sinha, B.N. Roy are some of them.

You- O.K. I too had some great teachers. But, now I have some urgent work. So, I need to go. Bye.

Target- Bye.

And that is it. You manipulated the target and got the required information. Now, use any of the acquired names as the answer to the security question. Chances are that your answer will be accepted, and you will get access to the target’s account.

See how easy it was! You really do not need anything except brain, skill and luck to perform a social engineering attack and hack a Facebook account with this easiest method.


Countermeasures:

This social engineering method can also be used to hack your personal bank account and other accounts as well, so these countermeasures apply against social engineering in general.

Never release confidential or sensitive information to someone you don’t know or who doesn’t have a valid reason for having it, even if the person identifies himself or herself as a co-worker, superior or IT representative. If a password must be shared, it should never be given out either over the phone or by email.

Establish procedures to verify incoming checks and ensure clearance prior to transferring any money by wire.

Reduce the reliance on email for all financial transactions. If email must be used, establish call-back procedures to clients and vendors for all outgoing fund transfers to a previously established phone number, or implement a customer verification system with similar dual verification properties.

Establish procedures to verify any changes to customer or vendor details, independent of the requester of the change.

Avoid using or exploring “rogue devices” such as unauthenticated thumb/flash drives or software on a computer or network.

Be suspicious of unsolicited emails and only open ones from trusted sources. Never forward, respond to or access attachments or links in such emails; delete or quarantine them.



Disclaimer: This is not a blog which promotes, encourages or excites hackers; its purpose is to make people aware of what is going on. In reality, our goal is to prevent hacking. We believe that unless you know how to hack (ethically), you cannot defend yourself from malicious hack attacks.




