Definition of Social Engineering
Social Engineering is the art of manipulating, influencing, or tricking a victim to gain control of the victim’s computer system. The human tendency to trust is exploited by hackers because it is easier than trying to crack a password.
Example of Social Engineering
Email from a friend
Hackers who successfully hack your friend’s email password will have access to the contact list. Since many people use the same password for other accounts, the hacker will likely also have access to their social network contacts as well.
The hacker will then send an email to all of the victim’s contacts using that email, or send a message to the victim’s friend’s social media page. The email or message usually contains a malicious link or download. The hacker then has access to your email account, social network accounts and contacts. They then use your accounts to launch attacks on people in your contact list.
Phishing emails from trusted sources
Phishing is a hacking technique that manipulates victims into performing certain actions such as clicking a link, downloading a file, or paying a certain amount of money. The content of the email usually lures the victim because:
- Contains urgency, e.g. asking for help because a “friend” needs money to pay hospital bills
- Seems to come from a trusted source, such as a well-known company, bank, or government institution
- Ask you to donate money with instructions on how to send the money
- Presents a problem that asks you to verify your information by clicking a link and providing information
- Tells you that you are a lottery or inheritance winner
- Ostensibly your boss or coworker asking for an update on an important project you’re working on, or asking for payment details
Bait scenarios
Some examples are offering attractive discounts. Then, if the link is clicked your account and device may be infected.
Responses from questions you never asked
Cyber criminals may pretend to respond to your “request for help” from the company while offering more help. People fall for this tactic because they feel that even though they never asked, they feel like the topic of the question is related to a real problem.
Creating distrust
Some Social Engineering tactics are to start a conflict by creating distrust. Hackers who have obtained your friend’s account send edited images or audio to create drama, distrust, embarrassment, etc. Many hackers use these edited materials to extort money from either the person they hacked or the hacked person’s friends.
How to overcome Social Engineering practices
- Think before you act, be skeptical don’t let the urgency of phishing messages influence you
- Research the facts, use a search engine to get to the real company site, or a phone directory to find the official phone number
- Don’t click on unfamiliar links, hover your mouse over the link to display the real URL, use a search engine to make sure the link is valid
- Be wary of fake emails and download links, especially if you don’t know the sender personally and are expecting a file from them
- Unrecognized requests are definitely scams, such as lottery or sweepstakes winning emails, money from unknown relatives, or requests to transfer funds from a foreign country to get a share of the money
- Delete any requests asking for financial information or passwords
- Ignore requests for help from charities or organizations that are not related to you
- Ignore offers of help if you did not specifically request help from the sender
- Set email spam filters to high, checking folders periodically to see if legitimate emails are accidentally going into spam folders
- Secure your device with the latest version of antivirus, firewall, email filter, anti-phishing etc.
Social engineering is a hacking tactic that involves deception and has claimed many victims. By staying vigilant while online, you can avoid this cyber crime practice.
Hypernet helps you secure your network. Let’s contact CS to get an attractive offer.
