
Sorry if this question is absolutely stupid or irrelevant, but I can't help but ask.

I am just curious about the different approaches hackers take in social engineering attacks, and clever examples of each of the approaches that one can take. And what kind of defenses and strategies companies might employ in order to prevent such attacks.

If someone can at least suggest a book where I can read about the attacks, that would suffice too. I recently got very interested in the techniques just because it seems like social engineering attacks sometimes require a higher level of creativity than actual software hacks.

Thanks to anyone for their input :)

EDIT: I simply would like to know about different strategies employed. Like for example would someone try calling? And if so calling and saying what? Or will someone go to the company in person to try to get access? And if so what will they do to try to get in?
I know the answer might be big, that is why I just want to know about very basic parts of human conscience hackers might try to exploit in order to get what they want. And what companies might do in order to prevent such attacks.

Quillion
  • On the phone you might impersonate the company's help desk. Any info you have on the company will make you more credible. "We were updating your logon profile and a file has become locked. Tell me your password so I can unlock it. Otherwise you'll lose all your files" – paj28 Nov 14 '13 at 15:33
  • P.S. I think your question is good so try updating it a bit and posting again – paj28 Nov 14 '13 at 15:34
  • @paj28 Feel free to edit my question however you would like. My poor English skills do not allow me to properly portray my ideas into a proper question. For now I accepted one of the answers, since my question currently is on hold. – Quillion Nov 14 '13 at 15:50
  • This is too broad a question to get an extensive answer on a stackexchange site, but The Art of Deception by Kevin Mitnick is an excellent resource in this area. – Owen Nov 14 '13 at 15:11

1 Answer


The book and methods mentioned in This Thread cover a lot of social engineering techniques. The book is written by Kevin Mitnick, a renowned hacker who now shares his expertise.

The book is pretty dated now, but because social engineering relies on human nature a lot of it is still relevant. This Book is also worth reading, and is more up-to-date, but the basic ideas remain the same.

Will F
  • Yeah, +1 Social Engineering - the art of Human Hacking is excellent too. Even though Mitnick's book seems old and dated (and it is) it's amazing and scary how many techniques still work perfectly. – Owen Nov 14 '13 at 15:44
  • I didn't notice the thread, but that is exactly the type of answer I was specifically searching for. Thank you :) – Quillion Nov 14 '13 at 15:48
  • Mitnick also offers [security training](http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training). I've taken this course through work and while I found it to be pretty common sense stuff, it helped a lot of not-so-computer-savvy people at my office. – Will F Nov 14 '13 at 16:37