What on earth is Social Engineering?
Most people are aware of terms like phishing and malware, but do you know those are a part of a larger scheme called social engineering? This is not a new kind of fraud, in fact it’s been used for many years to manipulate a wide range of people into giving up important data about themselves or workplace. A prime example of social engineering goes back to Greek mythology with the Trojan horse. They infiltrated the city of Troy with a “peace offering” filled with soldiers, thus winning the war.
With technology at the forefront of our lives, social engineering has entered a new era. Physical human interaction is not necessarily required anymore. These criminals can gain information through emails, pop-ups and public Wi-Fi networks, to name a few. The main objective is to influence, manipulate or trick users into giving up privileged information or access within an organization. They are doing this right under your nose, and if you’re not paying attention you will be a victim of this as well.
With technology at the forefront of most businesses, external threats are becoming the benchmark for social engineers. They can hack into core business processes by manipulating people through technological means. There are so many ways for social engineers to trick people, that it is best to ensure you are well versed in some of the ways they can hack your system.
First of all, baiting can be done both in person and online. Physical baiting would be a hacker leaving a thumb drive somewhere at a business, then an employee picks it up and plugs it into a computer. Could be curiosity, or simply thinking a co-worker left something behind. However, as soon as the thumb drive gets plugged in, it will infect your computer with malware.
The online version of this could be an enticing ad, something to pique interest. Things like “Congrats, you’ve won!” Also, there is scareware, in which users are deceived to think their system is infected with malware, saying things like “Your computer has been infected, click here to start virus protection.” By clicking on it, you unintentionally downloaded malware to your computer. If you understand what you are looking for, you can usually avoid these situations.
This is probably one of the most popular social engineering attacks. Fairly generalized, this usually comes in the form of an email. Often, they ask the user to change their email, or login to check on a policy violation. Usually the email will look official and even take you to a site that looks almost identical to the one you may be used to. After that, any information you type in will we transmitted to the hacker. You just fell for the oldest online hack in the book.
Similar to generic phishing, spear phishing is a more targeted scam. This does take a little more time and research for hackers to pull off, but when they do it’s hard to tell the difference. They often tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. This could be in the form of an email, acting as the IT guy with the same signature and even cc’s to co-workers. It looks legitimate but as soon as you click the link, you are allowing malware to flood your computer.