Question

Choose one of the social Engineering Techniques and write a scenario how it could be used to manipulate others?

Answer 1

Social Engineering is method to convince or manipulate a person or a thing with out their own knowledge and gather the critical information from them.

There are different type's of Social Engineering techniques. We are going to discuss one of them.

Technique :-

Familiarity Exploit - In this technique , an attacker can become as a familiar person to the target and gather the information by different means. The attacker may interact with target during meals, when they are smoking he may join, on social events, etc. He may ask silly questions in order to become close enough. The targets are most likely to reveal answers as they trust the familiar face. Once attacker gains the trust of target, there is no stopping of flowing of information from the target, with out his knowledge.

Scenario : -

Let us assume you met your childhood schoolmate after long time and sharing the same room. The companies you work are biggest rival's. Your friend's manager got to know about you in a social event somehow. He plotted a trail for you using your friend as bait. Your friend started acting strange and close enough, taking very good care of you suddenly. He also spend a lot on you and giving you many presents in order to gain trust. Finally you became close enough to share your personal matters and as well as professional matters. There will be a never ending questions from your friend which does not involve directly related to profession, but he may gather information in indirect ways. Suddenly he has sent a mail to you , as he is familiar to you , you may open the mail and any attachments as well. But later found that the entire organisation is down due to a virus. On the same night , your friend came stating that he got promotion and transferred. Ways departed.  Later it was found that the root cause of the virus is from your desktop or system. You got fired as well due to breach of company policies and for flow of intel about the organisation. In one go , both of your lives has become upside down. Later it was found that your friend is the reason for this situation of your's.

Suggestion : -

Please do not speak about your professional matters with other's and do not open the mail's straight away even it is from you know from years. Proceed through the filtering procedure of mails and report to concern team if you found anything suspicious. Remember that email addresses are spoofed all of the time; even an email purportedly coming from a trusted source may have actually been initiated by an attacker.

Note : -

The above scenario is combination of familiarity exploit and phishing.