Social engineering: psychology applied to Information Security

Abstract

Psychology and computer science are two scientific disciplines that focus on identifying the particular characteristics of information processing. The first in the human being and the second in the construction of a technical tool that seeks to emulate the brain: the computer. That is why psychology is strongly tied to the moment for people to choose their passwords. Deceptive advertising often compensates (through money, products and free services or other self-esteem tests) to influence a product or service to appear on your social network. In order to increase its consumption among its followers and also to take personal information without your consent. Due to the increase of the use of social networks, our social engineering strategy can efficiently and effectively show that security is subjective and that a significant percentage of users are vulnerable to deceptive advertisement through the internet. This project is based on the need to prevent attacks of information subtraction by obtaining/decrypting the keys of access or in the worst case obtain directly their passwords to the different web services, bank accounts, credit cards of individuals, based on the information that people exposed or share on their social networks. This paper also examines how attackers could obtain/decipher their passwords based on personal information obtained from deceptive advertisements implemented through a social network. The advantage of this approach also shows the user password composition providing a better vision of how hackers use the psychology applied to information security.