Updated: Jul 2, 2018
-- Transcript --
Typically for social engineering, firstly I must identify my target, know what to do and the scope of my attack. Then I will do intelligence gathering from public records from social media networks. For example when we do interview nowadays, even before you come we already know what is your hobby, who are your friends, your personal background from your Facebook and Instagram account. Then create a believable scenarios.
The easiest social engineering is shoulder surfing, let say if you are in MRT, other people can easily look at what you do with your smartphone. There are actually trained hackers who be able to read your key strokes very quickly. Basically the moment you're typing your ID and password, they can quickly know what you are typing.
Next, tailgating, which someone can pretend to wait outside an office and follow the target walking into office.
Thirdly, dumpster diving is another old technique to steal documents from the target - by obtaining shredded documents and piecing them back together piece by piece.
Pretexting is another technique which someone fabricating a scenario, pretending to ask information from the target in order to confirm more information.
Spear Phishing is targeted attack to employees of an organisation, so that hackers can steal info from that company or hack into their systems. Typically hackers will identify some of the employees, then impersonating as another fellow employee to try to get them to do something to obtain the exploit.
Tired of chasing shadows with regards to combating Ransomware threats? ARWARE offers an alternative method to protect your IT assets via application whitelisting. Click HERE to find out more or contact us for a presentation.
Your IT team are fully stretched to the limit and yet still need to be on top in handling cyber security threats that may affect your business operations? How about having our Managed Security Services (MSS) team off-load some of your IT security responsibilities without having to further grow your team at a considerable cost? Email email@example.com for a appointment to present our MSS offerings and solutions.