What is Social Engineering?
Social engineering is defined as the whole of the processes of trying to obtain the desired information by using various persuasion and deception methods by taking advantage of people's weaknesses. In Social Engineering attacks, there are techniques to change people's decision-making processes, as well as Human behaviors are considered as vulnerabilities and attacks can be made using these vulnerabilities.
This type of attack, which is so common and has a high success rate, is not yet accepted as a serious attack by the vast majority of information security experts. The main reason for this is that social engineering attacks can be performed so easily that it does not require any technical knowledge. However, in security, attacks that are not always difficult, but simple and targeting the end user, do harm.
NarDC Teklif Formu
Social Engineering Tests with NarDC
The increase in social engineering attacks in recent years has caused them to be included in the scope of penetration tests. Three types of social engineering tests are generally performed in penetration tests.
- Tests by phone,
- Physical tests,
- Tests using email
The most preferred method in social engineering attacks is the use of e-mail. Instead of convincing something by calling thousands of people on the phone, it is easier to send an e-mail to thousands of people and click on a link and request information.
Three basic components are needed to perform a social engineering attack over email. These are:
- E-mail addresses to be used in the attack (Corporate addresses)
- Scenario to be used in the attack
- IT infrastructure (sending e-mail from fake addresses, purchasing similar domain names, etc.)