Social engineering is defined as the psychological manipulation of people for the purpose of having them perform actions or divulge confidential information. Many companies today spend millions of dollars on securing their data from network attacks with such items as a firewall or an IDS/IPS, but what happens when the vulnerability comes from the people you hire to handle the data and information every day? These are the people most social engineering scams target, as many hackers use their computer technology and manipulation to take advantage of victims who are just too ignorant or too willing to help.
Social engineering has been largely misunderstood, leading to many differing opinions on what social engineering is and how it works. Many believe that social engineering is simply lying or scamming to gain free and trivial items; others believe that it refers to the tools that a hacker can use to obtain information or favors; still others believe that it is a science that can be broken down into parts or equations. Social engineering can be used in many areas of life, and not all of these uses are malicious or bad. Many times social engineering can be used to motivate a person to take an action that is good for them. The majority of the social engineering that we will discuss, however, is that which focuses on scams and manipulation.
Social engineering is not just any one action but a collection of actions that, when put together, make up the action, skill and science of successful social engineering. The first step a successful social engineer has to take in order to start his scam is gathering information. It has been said that no information is irrelevant, and those words ring true when it comes to SE. Even the slightest detail can lead to a successful SE breach. Just a few questions need to be answered in order to accomplish proper and effective information gathering, and with the plethora of social networking sites in use and active today, this task has never been easier: people can easily share every aspect of their lives with anyone they choose, making potentially damaging information more readily available than ever before.
Gathering this much information all at once can be overwhelming, which is why many SE hackers use the many tools that are readily available to them today. One such tool is BackTrack, an open source Linux distribution which is specifically designed for the purpose of gathering information. Some of the tools included in the distribution are Dradis and BasKet. BasKet is similar to Notepad but on a much grander scale; this software allows you to copy and paste data, place screenshots, or even tie in OpenOffice or other types of documents, charts, graphs, and other utilities. Dradis is a self-contained web application; once it is installed and set up, you simply browse to the localhost or port you assigned.
Another useful tool that any SE hacker can use to his advantage is called pre-texting. Pre-texting is...