Sunday 5 November 2017

Social Engineering


Social engineering is the art of manipulating a person into giving up their user ID and password by building trust with them.
Social engineering is one of the toughest hacks because it takes great skill to gain a stranger's trust, and once that trust is gained it is the toughest hack to protect against.

How to perform Social Engineering?

You can perform social engineering in a million ways. Social engineers often perform their attacks slowly, gathering bits of information to build a big picture, while some social attacks can be performed quickly over a phone call or an email. The method depends on your accessibility and ability.

But the process of social engineering is pretty basic.

1) Gather information about the victim
2) Build trust
3) Use that trust to gain the victim's personal information (ID, password)
4) Use the information (ID, password) to accomplish your goal

Types of social engineering attack:

1) Phishing: Phishing is a technique for defrauding a person by sending an e-mail or text message to obtain private/crucial information. Generally, phishers send a mail that appears to come from an authentic site, such as a bank or credit card website, presenting a "verification" or "warning" and urging you to log in through the link provided in that email. The link takes you to a cloned website made by the hacker that appears to be the original one; as soon as you log in, your email address and password are in the hands of the hacker.

2) Baiting: In baiting, the attacker leaves a malware-infected "pen drive" or "CD-ROM" in a place where it is sure to be found by the victim. When the victim finds it and inserts that pen drive or CD into his computer, he unintentionally installs the malware on it.

3) Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.

4) Quid pro quo: In a quid pro quo attack, the attacker requests information in exchange for something you want (gifts). What he does is quite simple: he creates a survey with questions asking your birthplace, the films you like and many more, and says that when you complete the survey you can win a gift. In exchange for this little gift he gets all the information about you, from you.

5) Tailgating: In tailgating, an unauthorized party follows an authorized party into an otherwise secure location, usually to steal valuable property or confidential information. This often involves subverting key-card (pass) access to a secure building or area by quickly following an authorized user and catching the door or other access mechanism before it closes.



6) Others: There are many more types of social engineering attack, like "diversion theft", mostly performed on transport companies, and "phone phishing", which is the same as phishing but performed over a phone call. Social engineering is a vast subject, and it is different from all the other hacking techniques on this site.

Note: You can get certified in social engineering. Some sites offer a one-week course followed by a test to make you a "certified social engineer" (CSE).
