Social engineering is a term used to describe a wide range of malicious activities carried out through human interaction. It uses psychological manipulation to trick users into making security mistakes or divulging sensitive information. You should be wary of any unsolicited offers of help, especially those that include third-party links. As a rule, such offers are social engineering attempts. This is all the more relevant if the user is asked to provide account or bank details. In that case there is no doubt that it is a scam, because self-respecting financial organizations will not, under any circumstances, ask for credentials via e-mail. In addition, we strongly recommend checking the address of the sender of the e-mail message and verifying its legitimacy.
Among the most popular methods of social engineering are baiting, or fishing with live bait (the user is lured to the attackers’ website by deception, after which malicious software is installed on their computer), phishing (sending fraudulent messages in order to obtain confidential data), vishing (using a system of pre-recorded voice messages to extract personal data) and fake antivirus (using false messages about an infection of the PC and its treatment with software that infects the computer). The weakest link in the protection of any system is the users themselves. Social engineering tries to exploit people’s inherent weaknesses, e.g. haste, greed, altruism or fear of an official institution, in order to obtain confidential information and further access to the system.
The section reviews software products used for social engineering.
SET is an open source penetration testing platform designed for social engineering. It has a number of attack vectors that allow you to quickly launch a believable attack.
Fluxion is a remake of vk496’s linset with fewer bugs and more features. The script attempts to obtain a password (WPA/WPA2 key) from the target Wi-Fi access point using social engineering (phishing). It is compatible with the latest release of Kali (Rolling).
Seeker finds the exact location of a smartphone using social engineering. The concept of Seeker is simple: just as phishing pages are put up to get credentials, a fake page can be put up that asks for your location, as many popular location-based websites do. Seeker runs a fake website on an embedded PHP server and uses ngrok or Serveo to create a tunnel link that redirects the target to the created site.
CATPHISH creates similar-looking domain names and tries to check their availability. The resulting information can be used for phishing and corporate espionage, and also for detecting them.
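The sender-address check recommended above, and the detection use of similar domain names, can be automated on the receiving side. The following Python code is an added example, not taken from the original page or from any of the tools it lists; the trusted domains, the substitution table, the distance threshold of 2 and the sample addresses are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed placeholder allow-list; replace with the domains you really use.
TRUSTED = {"example-bank.com", "example.org"}

# Common visual substitutions, folded to one canonical form before comparing.
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(domain: str) -> str:
    """Lower-case the domain, drop hyphens and fold confusable characters."""
    s = domain.lower().replace("-", "")
    for src, dst in CONFUSABLE:
        s = s.replace(src, dst)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for good in sorted(TRUSTED):
        # Trusted name used as a leading label of another zone, or a
        # near-identical name once confusable characters are folded.
        if domain.startswith(good + "."):
            return f"lookalike:{good}"
        if edit_distance(skeleton(domain), skeleton(good)) <= max_distance:
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    for hdr in ("a <support@examp1e-bank.com>", "b <news@unrelated.example>"):  # constructed
        print(classify_sender(hdr), hdr)
```

Only ASCII substitutions are folded here; internationalized (punycode) sender domains need a separate check.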