
Is it possible to hack humans? social engineering

The Art of Social Engineering and how to hack humans

It sounds shocking and the headline is quite aggressive, but ... no less true.


Is it possible to hack humans? To hack a person?

No, we are not talking about hacking your accounts or your computer by implanting complex code. We are talking about hacking a person's way of thinking, hacking their head, hacking a human.

Well, if it weren't possible, I wouldn't be writing this, so let's take the question as answered and get to the point. Below you will learn a few methods that will help you protect yourself from Social Engineering, or implement it to misuse it, depending on which side you are on.

Let's clear up a couple of points. It is true that there are currently many security solutions, antivirus, anti-malware, blockers and others, that will help us browse the net with some security; I repeat, "some."

Now let's stop being childish for a moment and call things by name.

The line that separates an experienced hacker or scammer from your credentials is really small and no matter how many security methods you implement, the only one that can protect you is you.
An antivirus will be of little use if you are scammed with Social Engineering.


The Social Engineer tries to get information through psychological techniques or deception.

Social engineering to attack companies.

When the target is a company, a hacker would study both the company and the people within it, carrying out an in-depth investigation that provides the information needed for the plan.

An attack of this magnitude can take a long time to carry out, and all the information will never be requested at once; it is more of a step-by-step compilation. This could be done with different methods: phone calls, emails, complaints, technical problems, etc.

A hacker can present himself as a curious person or someone interested in the company, he can impersonate another person with a simple identity theft, or he can try a blind approach through your email inbox. He can pretend that he wants to work with you in order to get information about his points of interest and then launch a custom attack.

How to get contact information.

It is very easy to get a company's contact information, even if it is not displayed on its website right away.

Find Emails from websites.

With hunter.io you have access to the email addresses related to the company (through its web domain), and there the attacker will find the weakest link or the department of the company he is most interested in accessing.

Find phone numbers

Phone numbers are not difficult to find either. Assuming that the web page does not offer the phone number of its own accord, one of the methods is to force Google to tell us by using quotation marks ("").


This will force Google to search all web pages, including Facebook. It will give you the results from any place where that company's telephone number is mentioned.

I am going to say little about this: we have Facebook, Instagram, LinkedIn ... It should be noted that if the company is on LinkedIn, the attacker can find the key person on whom to attempt social engineering.

Social engineering for users.

This case is somewhat more complex, so to begin we are going to put ourselves in the following situation, then pose and solve the problem together.

A hacker has found out that "Carlos Cabrera" (FICTITIOUS person) has an amount of money in PayPal that interests him, and through social engineering he wants to obtain the credentials of Carlos's PayPal account.

What information is available on Carlos Cabrera (FICTITIOUS PERSON) on the internet?

Let's start with his Social Networks.

The hacker can find his Facebook profile using quotes in the Google search engine: “Carlos Cabrera” Facebook. Or by looking for him directly on Facebook.


As you can see, Google gives us a lot of results with different profiles. It is enough to find Carlos's and check the privacy settings of his profile to extract information that may be useful to the hacker.

If he does not find useful information, he can do the same on Instagram or LinkedIn.


The hacker will search for all the information about this Carlos on any social network, since it is open information and for public use. (So you can see how easy it is to find personal information on the internet and why you should not GIVE YOUR INFORMATION ON THE INTERNET)

Having his Social Networks, the hacker will look for things that may help him find Carlos's PayPal account. For example, through Instagram we can see that Carlos loves taking photos.

AND HE IS PROVIDING A LOT OF INFORMATION ABOUT HIM.

(Don't be stupid and be aware of what a social network is please)


We are going to analyze Carlos.

  • Is from Barcelona.
  • Likes to travel.
  • He likes to play sports.
  • Has a Dress Style X.

Let's see, Carlos would be IDEAL to promote a beautiful fictitious product, the "Voyage vox". He could be "given" one so that he uploads photos with it to Instagram. Hmm. Let's analyze more.

Carlos would also be IDEAL to promote a clothing store brand (FICTIONAL)

Carlos would also be IDEAL to promote gym equipment (FICTIONAL)

Okay, there are 3 possible ways in to Carlos.

Which of the three?

We are going to continue assuming that the hacker chooses the one from the Gym.

The hacker creates an Instagram account with images of X brand gym products and impersonates the brand's identity. He completes the profile with a link to the brand's website and creates an email address with the name of the website: if the website is "gimnasioypesas.com" then the email will be gimnasioypesas.publicidad@gmail.com (or any other impersonation that is believable)

Ok, the hacker can contact Carlos on Instagram showing interest in having him promote the products on his account in exchange for a good incentive. He asks Carlos for an email address and a telephone number to get in touch with him, and Carlos willingly gives them to him.

Once the hacker has the email and the telephone number, Carlos is in a tough spot.

Check PayPal Mail

The hacker can go to Paypal.com and try to register a PayPal account with the email address Carlos sent him. In the event that he cannot create the account because that email IS REGISTERED, the hacker will have found the EMAIL address OF CARLOS'S PAYPAL.

From there he can proceed in several ways to obtain the password through social engineering.

One of the ways is a PayPal Xploitz sent directly to Carlos's email. 99% effective with the information available about Carlos.

If you don't know what an Xploitz is, take a look at the following article.

How to create an Xploitz


How can it be made 100% certain?

In order to make an Xploitz that works 100%, the hacker could call Carlos's phone directly and verify his data on the call. For this, it would be necessary to collect more information about Carlos, such as his postal address. Then, with a fake PayPal call, he can be tricked with:

"Hi Carlos, I'm Antonio, from PayPal."

"We have received a transaction request in your favor for a fairly high amount from an email address that does not belong to your common contacts, following our regulations we have to verify some information so that you can enjoy your money."

"In order to carry out the transaction we will have to verify some information."

He verifies the email address, telephone number and postal address, and asks Carlos to tell him the last 4 digits of the bank account linked to PayPal. If any of these data, such as the postal address, do not match what Carlos says, the hacker can ask what the correct address is in order to modify it and keep up his credibility.

Anything else could work; this is just sample text.

In the event that Carlos believes the phone call, the hacker has the job done; at this level it is impossible for Carlos to realize what is going to happen to him.

All this information extracted through Social Engineering and psychological techniques can be used to personalize the Phishing email or Xploitz: writing even the last 4 numbers of his bank account, the figure he will receive from the "Unknown Payer" and all the additional information that will make the Phishing work.


The hacker will create the email and ask Carlos to log in to his PayPal account through a (FALSE) PayPal link, for example www.paypal.com/log-in/verify-account-two-step . If you look at this link, it looks like a PayPal link. If you click it, it takes you to something totally different. This is anchor text. Do you understand how dangerous it is?

When Carlos opens the fake URL, he will go straight to an Xploitz that will steal his credentials.

What happens if the hacker does not find the email address of the registered PayPal.

If the hacker does not find the PayPal email address, then thanks to the advantage he has gained from the Social Networks and the false attempt to promote his gym on Instagram, he will be able to send a false invoice/catalog/contract containing a Keylogger to Carlos's email.

Don't you know what a Keylogger is? Then this article is going to amaze you ...

What is a keylogger and how does it work


Conclusion.

Ultimately, this is just one Social Engineering strategy of the thousands that exist, and besides, I invented it on the fly while I was writing it. That does not make it any less effective.

Imagine what someone with experience in Social Engineering can achieve.

You have to understand how dangerous the internet and the use of Social Networks are. It is necessary to start becoming aware of this and stop offering your personal data anywhere. Take security measures and be careful on the internet. Google, Facebook (Instagram, WhatsApp), Microsoft, Apple, etc. offer your data as if it were a free buffet.

Either you protect yourself, or you are alone in the face of danger.

If you want to learn more about Computer Security and Hacking methods, take a look at our articles, subscribe to our Newsletter or find us on Instagram @citeianews.

We hope the article has been helpful to you and we appreciate your sharing it to raise awareness.

2 comments

  1. Hello. I need your help. I have forgotten the password for an email account. And the number linked to this no longer exists (I changed the number) AND it was the only option to restore my account. I need to know the password and I don't know how

    1. If you can't remember it, it's quite troublesome as you don't have any active recovery methods. Be careful with your next accounts so as not to fall into the same mistake again.
