Security Through Education

A free learning resource from Social-Engineer, Inc

  • Newsletter
  • Contact Us
  • Social-Engineer, LLC
  • The Human Hacking Conference
  • The Human Hacking Book
Home
  • Home
  • Blog
  • Podcast
  • Framework
  • More
    • Social Engineer Village (SEVillage) at DEF CON
    • SEVillage at DerbyCon
    • The Human Hacking Conference
    • What is Social Engineering?
    • Newsletter
  • Home
  • About
  • Blog
  • Podcast
  • Framework
  • EVENTS
    • Social Engineer Village (SEVillage) at DEF CON
    • SEVillage at DerbyCon
    • The Human Hacking Conference
  • Resources
  • YouTube
  • Linked In
  • Twitter
  • Facebook

The Social Engineering Framework

The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. Please use the index below to find a topic that interests you.

  • General Discussion
  • Information Gathering
  • Psychological Principles
  • Influencing Others
  • Attack Vectors
  • Social Engineering Tools

Framework Sections

Section Articles

General Discussion

Select a topic from the index below

  • Social Engineering Code of Ethics
  • Social Engineering Defined
  • Categories of Social Engineers
    • Hackers
    • Penetration Testers
    • Spies and Espionage
    • Identity Thieves
    • Disgruntled Employees
    • Information Brokers
    • Scam Artists
    • Executive Recruiters
    • Sales People
    • Governments
    • Everyday People
  • Why Attackers Might Use Social Engineering
  • Typical Goals
  • Common Attacks
    • Customer Service
    • Delivery Person
    • Phone
    • Tech Support
  • Real World Examples
    • Con Man
    • Crime Victim
    • Phishing
    • Politicians

Phishing

“In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication” [1].

Protection from Fraudlent Messages

We typically associate phishing emails  with poor grammar and misspellings. However, this is not the case in modern phishing, as they are now very realistic replicas. The best defense against fraudulent messages is to not click on the embedded links. Or, to use the log in fields embedded within the messages themselves. Instead, manually type in the trusted entities address into your browser.  It’s important not to copy it from the message, or use a previously saved bookmark.[2]

URL and Email Manipulation

One reason why phishing schemes work so well is that people tend to trust messages that appear to come from an important entity or look important. Indeed, the attacker can easily manipulate a URL to look authentic fooling the victim to click on it. For instance, a URL such as (http://www.company.com) looks almost identical to (http://www.cornpany.com) if the font is right and the reader scans over it. Indeed, an attacker can purchase a domain that closely resembles the legitimate URL. Then, the attacker sets up an email account and spoofs the website.  This requires very little time and effort. This seemingly simple process fools many people into clicking the link and then being hacked.

PhishingPhishing Attack Campaigns in 2016 Shatter All Previous Years’ Records – APWG

Spear Phishing

Due to the success of phishing attacks, malicious phishers have developed spear phishing. Instead of sending out thousands of e-mails randomly hoping a few victims will bite, spear phishers target select groups of people who have something in common and who usually have higher profiles. The emails are usually sent from organizations or individuals the potential victims would normally get emails from, making them even more deceptive.

phishingCloudmark Survey 2016

Penetration Testers

Penetration testers employ the same methods as criminals in order to show a company how devastating these attacks can be. Many companies will spend thousands of dollars on IDS systems, firewalls and other protection devices to monitor the network, but one fraudulent email can lead to total devastation in a company without having to hack one thing.

Back To Top Copyright © 2021 Social Engineer, Inc • All Rights Reserved • Site design by Emily White Designs