Friday, April 29, 2011

Common Types of Social Engineering



Social engineering can be broken into two types: human-based and computer-based.

  1. Human-based social engineering refers to person-to-person interaction to retrieve the desired information.

  2. Computer-based social engineering refers to using computer software that attempts to retrieve the desired information.

Human-based social engineering involves human interaction in one manner or another. Computer-based social engineering depends on software to carry out the task at hand.

Gartner Group notes six human behaviors that produce a positive response to social engineering. Corroborate these with the traits discussed in module one of the course.

  1. Reciprocation: Someone is given a "token" and feels compelled to take action. Example: You buy the wheel of cheese when given a free sample.

  2. Consistency: Certain behavior patterns are consistent from person to person. Example: If you ask a question and wait, people will be compelled to fill the pause.

  3. Social Validation: Someone is compelled to do what everyone else is doing. Example: Stop in the middle of a busy street and look up; people will eventually stop and do the same.

  4. Liking: People tend to say yes to those they like, and also to attractive people. Example: Attractive models are used in advertising.

  5. Authority: People tend to listen to and heed the advice of those in a position of authority. Example: "Four out of five doctors recommend...."

  6. Scarcity: If something is in low supply, it becomes more "precious" and, therefore, more appealing. Example: Furbies or Sony PlayStation 2.

Source: Gartner Research
