Social engineering is a non-specialized system cyber attackers utilize that depends intensely on human communication and regularly includes fooling individuals into breaking standard security rehearses. The accomplishment of social engineering systems relies upon attackers' capacity to control unfortunate casualties into playing out specific activities or giving confidential information. Today, social engineering is perceived as one of the best security dangers confronting associations. Social engineering contrasts from customary hacking as in social engineering assaults can be non-specialized and don't really include the trade-off or misuse of programming or frameworks. Whenever fruitful, numerous social engineering assaults empower attackers to increase real, approved access to confidential information.

1. UNIVERSITY OF THE CUMBERLANDS
Social Engineering Attacks in IT World
Akshay Mittal
ITS – 832-31
InfoTech in a Global Economy

2. Introduction
 Social engineering is a non-specialized system cyber attackers utilize that depends intensely on human communication and regularly
includes fooling individuals into breaking standard security rehearses. The accomplishment of social engineering systems relies upon
attackers' capacity to control unfortunate casualties into playing out specific activities or giving confidential information. Today, social
engineering is perceived as one of the best security dangers confronting associations. Social engineering contrasts from customary
hacking as in social engineering assaults can be non-specialized and don't really include the trade-off or misuse of programming or
frameworks. Whenever fruitful, numerous social engineering assaults empower attackers to increase real, approved access to
confidential information.
 Baiting, Phishing, Pretexting, Quid pro quo, Spear Phishing, Tailing are some of the biggest social engineering attacks world is facing
these days. The Healthcare and Financial industries are mainly targeting in the social engineering attacks.

3. Background
 Information security is a system which protects data and information from unauthorized access of to a company or organization. It helps
the user to protect the data from disclosure, disruption, unwanted modification etc. It not only provides protection to the stored data but
also to the information which is in transit. Therefore information security system must be implemented in an organization to secure huge
data.
 Social engineering is nothing but a part of an information system, it is the act where people are psychologically manipulated into
divulging confidential information. These people are outsiders and are planned and trained for attacks. Such outsiders are mainly
connected through socialization.
 Reverse social engineering is a subset of social engineering, where the target himself goes to the attacker unwillingly. These attacks are
tough to manage as the person himself approaches the attacker. Common sense is the best way to minimize such attacks.

4. Literature
 Information system security is commonly known as INFOSEC, it can be defined as the combination of processes and methods involved in
keeping the information confidential and preventing unauthorized personals from accessing systems. Information system security not only
assures the integrity of the data but also provides protection to information in storage as well as in transit. The U.S. navy defined INFOSEC as
an amalgamation of computer system security and communication security.
 The increased use of computers and other digital devices in commerce is giving rise to social attacks. To ensure that a company's information is
kept secret, professionals work with security programs along with various hardware and computers in order to take precautions.

6. Critical Analysis
 The term social engineering is used by the hacker community associates. The process of using social interactions is used to obtain
information about a target or victim's computer system. Social Engineering provides hackers with efficient shortcuts, and in many cases
generates attacks that would not be able to perform through other means. Social Engineering is different from other hacking techniques
as it allows access to the information system by obtaining the required information (for example, a username and password) from a
person rather than breaking into the system through electronic or algorithmic hacking methods. These hackers contact the low-level
executives where the security is weak.
 The perpetrator uses psychological manipulation to trick users. They create good contacts through socialization and make users give
them sensitive information. Social engineering attacks which are conducted by outsiders are not a coincidence, they happen by proper
planning. Initially, they used to obtain data from online search, annual reports, directories etc. but, recent studies proved that most of the
time they enter the target company by seeking a close job such an executives helper, driver or janitor's job. Employees targeted by
hackers in social engineering attacks can be explained through a pie diagram as follows:

7. regular employee cashier/waiter call center staff
finance and accounting administration executives and upper management
help desk customers human resource department
unknown

8. Research Findings
 BAITING
 PRETEXTING
 PHISHING
 WATERING HOLES
 WHALING ATTACKS

9. Recommendations
 In this research paper we have studied about that part of information security system which is associated with hacking. Social
engineering is an act where the hackers manipulates the target through socialization to gain access to unauthorised data. That is why
social engineering is also termed as “human hacking”. In social engineering attacks hackers are behind the person instead of system
programs, as these people when gain trust can provide enough information required for attack.
 Phishing is the most commonly found social engineering attack where they use techniques like email and social media to send malicious
links. In order to minimize social engineering and reverse engineering attacks, proper knowledge should be provide along with continues
training sessions. Remember not to open suspicious email attachments and should verify the identity before sharing any confidential
information.

10. Conclusion
 As computing and networking resources have become more and more an integral part of our business, targeting the criminals to perform
their tasks through various networks become easy. Social engineering is a technique where hackers manipulate the users to obtain their
secured data. Social engineering attacks are dangerous as they occur due to human negligence and mistakes rather than software and
operating system errors. In social engineering attacks people do not run behind your windows or system programs, they are behind you.
 Attackers study and script a plan how to target weak points of a person to gain trust and obtain the confidential information. These
people usually take jobs like drivers, helpers or even janitors to study the weak security points. Tailgating is another type of social
engineering where the hacker follows you and gain access to unauthorized data. Therefore prevention of social engineering is a tough
part. Though one time-password (OTP) can reduce or minimize the number of attacks.