Social Engineering

Make no mistake: social engineering involves a criminal and a victim. It is a manipulative and highly perceptive method of making people disclose confidential information for the profit of a criminal individual or group. These people usually seek passwords, bank information and control of your computer or even your e-mail account, often as part of a grand scheme of fraudulent activities. The criminals are so effective because they tap into our natural inclinations, like trust and sympathy, as you will find out more about later on.

There are many different types of schemes used by social engineering criminals – ranging from fake links to elaborate stories. One instance of this type of cyber crime is a hacker contacting someone on a messaging network, like an online dating site, and building up the trust of the victim before getting them to hand over passwords or bank account details. This particular scheme is extremely callous yet effective when a hacker creates a scenario giving the victim what they think is a good reason to help out the person they have come to trust.

In addition to this very intimate type of social engineering, there are other ways hackers carry out this crime. E-mail hijacking is one very effective and popular method used by criminals to gather data. Hackers and spammers take control of people’s e-mail accounts by sending illegitimate links and downloads that people feel compelled to click on or download. By doing so, victims often end up installing malicious software on their PC – picking up a virus – and giving up their e-mail account to the hacker. This can then cause a real issue, as the hacker now has control of their e-mail and can send the link or download to e-mail contacts that trust the hacked e-mail address, hence forming a vicious circle.

One method that can also fool businesses into disclosing customer information involves researching dates of birth and bill payments to establish the legitimacy of the identity the criminal is using. It all comes down to establishing trust and then exploiting it once obtained.

Password cracking is also something attempted by the social engineer. There are plenty of ways to do it, and simply asking a user for their password is the social engineering way. They may pretend to be an IT technician and ask a company for the network password, or even do the work in person by dressing smartly and having the necessary information to answer questions. Besides this technique, brute force attacks – getting a computer to work through the alphanumeric combinations of passwords, which can uncover non-dictionary words – and dictionary attacks – using a file of dictionary words to try all of the words people commonly use as passwords – are common password cracking practices.

As you can see, the motivation of social engineers is to gather information on individuals in any way they can. Their successes are broadly down to an understanding of human nature and, in essence, human error, but they can definitely be prevented by allowing common sense to overrule your natural instinct. Social engineering is most definitely an effective technique for gaining information and is used to make individuals or groups money. Sometimes, the information – like passwords – is sold on the dark web for thousands, whether it is hundreds of names or just a few. There is also a market out there for an individual or small group to take a bank password and clear the account out, simply by manipulating one victim only. Social engineers are crafty criminals – do not forget it. The examples of social engineering provided here can act as tips for what not to do when you’re online. However, below we have made a list of our top three pieces of advice to avoid falling for social engineers.
  • Don’t open any e-mails from an unknown address. If you do so accidentally, make sure you don’t click on any links or downloads.
  • As a general rule, never give money to people on the Internet who ask for it.
  • Always be hyper-aware of what you are doing and who you are talking to. If something doesn’t feel right, don’t do it.
