In the age of technology and the Internet, managing people has become easier and can be learned. There are methods that existed and successfully used at the dawn of humanity, which are completely based on the psychology and behavior of people in critical situations. They help guide the opponent into the channel that the manipulator needs.
What is social engineering?
The term social engineering (SI) means several concepts. The first relates to sociology and denotes a set of methods that change human behavior, providing control over others, their actions. These approaches are aimed at changing organizational structures, since the most vulnerable point of any system is the human factor.
In some way, social engineering is a science, and in the field of information security, the term means an illegal method of obtaining information. To date, fraudsters are using known methods, trying to get to the "tidbit" - confidential or valuable information. In the early 21st century, the concept was popularized, although methods for collecting facts and manipulating people were known long before the era of the computer era.
What does social engineering do?
The methodology of management activity can be used not only for selfish purposes (for fraud and hacking). Social engineering in life is used to solve problems in production, in the sphere of social interaction. Constructing various situations, specialists in this field anticipate possible errors and behaviors of people. Activities include procedures such as:
- analysis of the object of activity;
- assessment of his condition in the present and future;
- the development of a new state project;
- forecasting options for the development of internal and external environment;
- implementation of the plan.
As a science, the social development is developing in several directions: it is engaged in the construction of social institutions (health, education, etc.), the formation of regional and local communities, target groups and teams, and the construction of organizations. Social reality can be changed using methods of foresight and prediction, planning and programming.
Social Engineering - Psychology
The methods and techniques of SI are borrowed from practical psychology. If we talk about the use of science for fraudulent purposes, it is very important to understand people who are affected by social engineering, that this direction is inseparable from psychology and NLP. A victim can be much smarter and more educated than an attacker, but this will not help her avoid deceit. Techniques are always aimed at reflex and pattern behavior; they act bypassing the mind, intellect and are carried out at the level of emotions and suppression of attention.
Methods of social engineering
Techniques and techniques of social engineering are based on errors and deviations in behavior, thinking and perception. Basically, they went into the use of manipulators from a rich arsenal of special services. The trick, playing on weaknesses and psychology - all this and much more is used to get the necessary information from a person. You can call the basic methods of socializing "for all time":
- haste, creating a time deficit to deprive the opponent of time to think and verify the data;
- provocation and irony (with the same goal);
- suspicion and indifference (so that the opponent has a desire to justify himself).
Scammers using SI methods constantly improve them. The most popular scheme of deception for today is called phishing (from the English "fishing"). This is the practice of sending electronic messages in order to extract the necessary data. Other well-known techniques used by social engineering are the Trojan horse (when greed and curiosity are exploited), reincarnation or qui about the quo (the deceiver pretends to be another person), pretext (conversation on the prepared script).
Types of social engineering
Depending on the method of influence on the object of deception, the SI is divided into two main types: direct and reverse social engineering. The techniques of the first were described above, and in the second case the victim herself turns for help to the attacker. This man is forced by such actions of intruders as sabotage (creating a reversible malfunction), timely offered advertising services and rendering assistance. The main purpose of the deceivers is to force the object to share its data, provide the necessary information, but for this it is necessary to be a little psychologist.
Social Engineering for Beginners
Recently, social engineering as a science has been dynamically developing, allowing to regulate human behavior and exercise control, but much longer it exists as a methodology for attacks. Professionals in this field have successfully deceived people for several decades, and always the stake was placed on the human factor: curiosity, laziness, fear. In order not to fall into the trap of scammers, you need to be able to recognize the basic techniques of hackers and understand that the information that appears in the public domain can be used against those who have shared them.
Social engineering in social networks
With the increasing role of social networks in people's lives, the methods of SI are successfully applied in them. On personal pages people voluntarily report facts about themselves and their loved ones, willingly come into contact even with strangers, especially if they do not appear to be who they really are. Scammers easily create a fake page of any influential organization or a well-known company and place their "traps" there. In open access everything is in sight, but nothing can be checked.
Social engineering and fakes for the purpose of profit and deceit are common in social networks. There are other methods based on curiosity (the desire to go to an interesting page, to try to find out more about another user) and fear (scammers are represented by the employees of the authorities and require access to the account or simply offer to install an antivirus). The attack of social engineering is successful if the swindler acts boldly and defiantly.
Social Engineering and NLP
Neuro-linguistic programming (NLP) is a way of using knowledge derived from various fields: linguistics, neurology, and psychology - in order to persuade an opponent to make the "right" decision. Management of nervous processes occurs with the help of linguistic means. Principles of social engineering, basic techniques and beliefs are taken from NLP. The victim is affected "in real time", demanding immediate decision-making, turning to the subconscious attitudes of the individual.
Social engineering - earnings
The use of techniques brings results, and manipulation by other people can earn good money, but these methods will be illegal, associated with cheating citizens, unauthorized access to information and access to someone else's wallet. Social engineering is a profession - there is a place to be, but as a kind of sociology. "Advanced" engineers are needed in business, government and law and order, spheres of social and economic life. Their tasks: to optimize management, interaction, to solve arising problems.
Social Engineering - Books
Today, social engineering is of great interest in society. Goals can be different, but interest in management methodology is constantly warming up. To learn manipulative techniques and techniques, you can read books about social engineering written by Kevin Mitnick, a former hacker who hacked information systems of the world's largest companies. These are such publications as:
- "The art of deception" is a collection of stories revealing the secrets of social engineering.
- "The Art of Invasion" - the second book of the series about the attack through computers.
- "Ghost in the network . " Memoirs of the greatest hacker "- an unreasoned story, demonstrating the experience of Mitnick.
Everyone can learn to control the actions of other people and use their knowledge for good purposes. To direct the interlocutor to the "right" channel is certainly convenient and profitable, sometimes for both sides, but it is important to distinguish other potential hackers, manipulators, deceivers and not get caught on their bait. The long-term experience of the SI should be used for the benefit of society.