Prerequisites: How to Install Social Engineering Toolkit in Kali Linux?
Social engineering is the act of manipulating people into giving up private or confidential information by appearing to be a likely insider. For example, asking a person for help with your car and saying you know someone who can fix it if they give you the keys to the vehicle. Some people might trust that story and give up their keys, but others might see social engineering as a scam and not hand over any personal information.
Methodology:
Footprinting is an assault using various sorts of distractions in order to gain access to the target’s office or building without raising any suspicion. This is beneficial when an attacker wants to do something illegal, such as stealing confidential or proprietary files from company computers, committing fraud, etc. Footprinting is a much less stealthy method than social engineering, but it always has the advantage of having a low profile and a low chance of being caught. Footprinting is useful in cases where an attacker does not have any special access to the target building and wants to get into it. For example, if someone wanted to commit fraud in a bank and did not know any employees or had no previous contact with banks, footprinting would be used to gain access: an attacker or fraudster would have no prior information on bank employees or the customs they follow, so footprinting is the best way for him to find out information about them. These are all valuable pieces of information when wanting to commit fraud in a bank.
Information Gathering Methods:
Social engineering is the act of attempting to manipulate individuals into performing actions or divulging confidential information by direct contact, fake authority, or presenting the appearance of legitimacy. From pretending to be a representative from your company in order to extract confidential information from a user on the phone to simply walking up behind someone while they are focused on their device screen and trying to get them to disclose passwords and personal data, social engineering can happen anywhere and offer immediate rewards.
- Eavesdropping: Listening in on a conversation without being noticed. Eavesdropping is a particularly common, and arguably the most effective, type of social engineering. We hear stories of people stealing information every day through phone hacking, but there’s another type of eavesdropping that accounts for millions upon millions of security breaches every year: information being obtained by tapping into someone’s conversation without them realizing it.
- Shoulder Surfing: Looking over someone’s shoulder to see what they’re looking at on their screen without their consent. There are actually a number of different types of shoulder surfing, and the most common is simply looking over a monitor to see what someone is seeing.
- Dumpster Diving: A variation of social engineering that involves specific tactics and equipment used on digital systems like smartphones and laptops. It is the act of retrieving discarded data or equipment from the trash.
Footprinting Tools:
- Social Engineering Framework
- Hackers, the Journal
- Vulnerable Web Apps Fingerprinting
- PhishingLabs
- Passive Information Gathering
- Google Hacking Database
Countermeasures:
- Footprints can be left in a way that they will not appear obvious to others.
- Footprinting can be done to obtain more information about the building.
- Employees are the only ones who have access to buildings and the belongings inside them. Footprinting employees in a target building can be useful for an attacker because it can give him an idea of what codes or keys he needs to get in, for example if he wants to steal something from a secure area of a building.
- Footprinting can also be used as an attempt to gain the trust of people.
Conclusion:
Footprinting can be used for several purposes, all depending on the attacker’s situation, and as long as there is no reason to hide its existence. While it can be done in a more subtle way when compared to social engineering methods, it can also be done in an obvious manner. Footprinting requires the attacker to have information on the building or location he wants to gain access to so that he will know what is going on inside of it. This makes footprinting very useful in cases where an attacker does not have any special access to a target building and wants to get inside it but has no previous knowledge of how they work or who they are guarding against.