Abstract
Social engineering is a process that cyber criminals use to psychologically manipulate an unsuspecting person into divulging sensitive details. Social engineering is an extremely powerful tool that can be deployed to exploit the human's element of security and inherently psychological manipulation. According to a security industry survey, social engineering tops the list of the 10 most popular hacking methods. The first step in any social engineering attack is to collect information about the attacker's target. A social networking site is an online platform that allows users to create a public profile and interact with other users on the website. They are also a hotbed for social engineering cyber attacks to personal information; they are a relevant source of wealth of personal and organisational information that can be found within these social environments. This article defines social engineering and some techniques of social engineering attacks based on social networking sites, drawbacks on a users' privacy, and arising implications.
TopIntroduction
The protection of information is of vital importance to organisations and governments, therefore the development of measures to counter illegal access to information is an area that receives increasing attention. Information security is the specific discipline that regards the state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.
Even though the effectiveness of security measures to protect sensitive information is increasing, the human element remains a weak link because people remain susceptible to manipulation in order to obtain unauthorized information. Social engineering is the art of using human skills and persuasion techniques to obtain unauthorized information and to gain access to a myriad of sensitive services and data is called. Social networking sites are an ever more popular way for people to stay connected, in touch with other people across the globe, therefore a lot of social data are publicly available, a useful source of data to attackers.
The aim of this contribution is to describe some technologies and methodologies to execute social engineering using social media as specific approach, it also discusses background, knowledge, challenges and critical factors necessary for successful implementation or detection.
Background
A social network is a social structure made of individuals (organizations, company ecc.) also called nodes, which are connected by links represent relationships and interactions between individuals. Social networking sites are an ever more popular way for people to stay connected, in touch with other people across the globe. They become an integral part of personal lives. Business opportunities are formed and lost online. Social network is capable of holding all the private information that one feeds it with. It is thus the responsibility of a user to be accountable of the content one posts via the network.
Persuasion has always been part of human interaction. It can be used to influence and support good or improved behavior (Martin, 2014), but it can also be used to trick and manipulate people into performing actions that can end in some kind of loss, divulging confidential information (Mitnick, 2002) or giving money to fraudsters.
The brain creates routines, which can help deal with and process things more efficiently. But these routines can also compromise the ability to pay attention and to cause the brain to bypass details which would help detect fraudulent content. In addition to that, people generally believe that they are good at detecting social engineering attacks. Research, however, indicates that people perform poorly on detecting lies and deception (Qin, 2007; Marett, 2004).
Key Terms in this Chapter
API: Application programmin interface, a set of subroutine definitions, communication protocols, and tools for building software.
Social Network Security: The process of analyzing dynamic social network data in order to protect against security and business threats.
Third-Party Applications: An application that is provided by a vendor other than the manufacturer.
User Account: An established technique for connecting a user and an information service.
Social Networking Site: An online platform that allows users to create a public profile and interact with other users on the website.
Social Engineering Attack: Various manipulation techniques to elicit sensitive information, manipulating a person into giving information to the social engineer.
Social: Engineer: A person who is expert on the social engineering techniques, he uses deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Social Network: A social structure composed of individuals, organizations, company, etc. that are connected by relationships and interactions.