For the past three decades, most security experts have regarded social engineering as a penetration testing or hacking technique in which the hacker tricks victims into handing over the credentials he needs. The methods can look like somewhat comical pranks, but they are usually very effective. In some known methods, the hacker poses as a police investigator or a tech support technician and tricks someone into giving him the username and password for a computer facility he wants to get into. With this simple yet tricky method, gullible victims unknowingly give the hacker access to their company's computer systems, letting the hacker steal the company's secrets.
However, because most people are now being educated about this kind of trick, companies are becoming more aware of it. This is the main reason hackers now use a shrewder kind of attack, namely the Road Apple Social Engineering Attack.
Unlike the usual social engineering, the road apple social engineering attack preys not only on the potential victim's gullibility but also on his or her curiosity. Although the hacker still relies on some personal interaction, he or she also takes a more technical approach, usually using a computer virus or hacking software to gain access to the company being targeted.
The kind of attack varies with the mission or task the hacker sets out to accomplish. If someone hires the hacker to damage a certain company's computer system, he or she can program a virus to do the task. Once done, he or she will put it on a CD or USB drive and simply leave it in a place near a computer, such as a reception area or a secretary's desk. Chances are that employees will open the contents of the CD or USB drive on a computer, letting the virus spread through the company's computer system.
If the hacker wants to copy the target company's files, he or she will program a Trojan instead of a virus and disguise it as a legitimate file, such as a payroll document or salary records. If people aren't familiar with file extensions, chances are they will be tricked into opening the Trojan, giving the hacker the access details he needs, such as the computer's IP address, username and password. The hacker can then use these credentials to accomplish his task.
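A defender can check found media for the disguise described above before anyone opens a file. The following is an added example, not part of the original article: it flags file names that look like documents but end in an executable extension. The extension lists and the names `classify` and `scan_media` are assumptions made for illustration.

```python
import os
import re

# Extensions that execute when opened on Windows (assumed, non-exhaustive).
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".hta", ".pif"}
# Extensions a user expects from a harmless document (assumed list).
DOCUMENT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# Unicode bidirectional controls that can visually reverse part of a name.
BIDI = re.compile("[\u202a-\u202e\u2066-\u2069]")

def classify(name):
    """Return the reasons a file name looks disguised (empty list if none)."""
    reasons = []
    if BIDI.search(name):
        reasons.append("bidi-control")
        name = BIDI.sub("", name)
    exts = ["." + part.strip() for part in name.lower().split(".")[1:]]
    if exts and exts[-1] in EXECUTABLE:
        if any(ext in DOCUMENT for ext in exts[:-1]):
            reasons.append("double-extension")
        if re.search(r"\s{3,}\.", name):
            reasons.append("padded-extension")
    return reasons

def scan_media(root):
    """Walk a mounted drive and map each suspicious relative path to its reasons."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for filename in files:
            reasons = classify(filename)
            if reasons:
                path = os.path.relpath(os.path.join(folder, filename), root)
                findings[path] = reasons
    return findings

# Constructed sample names modelled on the lures the article mentions.
SAMPLES = ["payroll.pdf.exe", "salary_records.xlsx", "payroll\u202efdp.exe"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), classify(sample))
```

Run `scan_media` against the mount point of the found drive on an isolated analysis machine; it only reads file names and never opens the files.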