Taxonomy Of Social Engineering Techniques

PERSON-PERSON:

PRE-TEXTING: This is one of the most popular and valued techniques a social engineer can use, since it needs a lot of research about the victim before the actual attack is carried out. In a typical pretext, the con artist devises a scenario intended to influence a chosen victim into performing certain actions that compromise the confidentiality of information. An example of a highly publicized pretext attack is quoted from Wikipedia: “On September 5, 2006, Newsweek revealed that Hewlett-Packard's general counsel, at the behest of HP chairwoman Patricia Dunn, had contracted a team of independent security experts to investigate board members and several journalists…
Even though this attack is very effective, it has a weakness: users become suspicious of unsolicited requests.

Reverse Social Engineering (RSE): This is a form of attack that overcomes the weakness of the pre-texting attack mentioned above. Here the attacker presents himself as a high-level authority so as to influence the victim to establish contact and ask more questions, instead of the attacker initiating the request. This is also termed quid pro quo, in which the intruder provides some incentive that prompts the victim to reveal information that would not otherwise be disclosed.

Reverse Social Engineering attacks can be classified by their characteristics.

i) Targeted/Untargeted: In a targeted attack, the attacker knows some predefined information about the victim and targets that particular user to extract information from him. In an untargeted attack, a random set of users is targeted with a particular motive.

ii) Direct/Mediated: In a direct attack, the intruder posts a message or other information directly on a public forum to bait users into revealing information. In a mediated attack, baiting is carried out as a two-step process involving an intermediate agent whose job is to propagate the bait to the targeted set of users.

Based on these characteristics, three different RSE attacks are possible.

• Recommendation-based RSE (Targeted, Mediated): Most of the social networks (such as Facebook) use recommendation systems to prompt