Social Engineering - Exploiting the Mind
“Dear Friend, I am stranded here and need to get back to our country. I need a favor because I have been robbed of my bag containing my wallet, mobile phone, return tickets and other valuables. I will like you to lend me a sum of $xxxxx or any amount you can afford to help me come home, so that I can sort out my hotel bills and fly back home. I promise that I pay you back with an extra $xxxxx amount as soon as I return home safe. Kindly let me know if you can be of help.”
“Dear Lucky winner, Congratulations, You have won $1million in the Superior globe Jackpot. Kindly contact our agent immediately for more details regarding your winning at this number 00000000.”
Sound familiar? This is social engineering in a nutshell. Though the term borrows from engineering and from being social, the practice itself is anti-social and destructive. Social engineering is the process of manipulating the human mind into giving up confidential and personal information. It is a well-planned attack, crafted by criminals or hackers, that tricks people into handing over vital information such as passwords and bank details. Apart from extracting data directly, the hacker may also get the unsuspecting user to install malicious software that siphons out the required information without the user realizing it. It is clever engineering: users give up their passwords on their own rather than having them cracked.
Types of Social Engineering attacks
Tapping people for details
The hacker interacts with people and obtains the necessary details. This can happen in any of the following ways:
- Posing as a legitimate user of the system, the hacker gains physical access in the guise of a help desk operator, a disguise that is hard to question since help desk staff are expected to assist employees.
- An over-enthusiastic "colleague" can also impersonate staff and gain access to other people's systems on the pretext of solving a problem.
- The hacker can also pose as technical support staff from the organization's vendor, explaining that he is troubleshooting a particular issue that requires the user to share an ID and password to resolve it. Gullible employees can fall for such requests if they are not alert.
- Employees can also become victims if they write passwords and file names on pieces of paper or printouts and leave them lying around, paving the way for them to fall into the hacker's hands.
Gaining access indirectly, through computers
Messages that mimic or spoof banks, credit card companies or online retailers such as Amazon and eBay are examples of phishing. Requests to verify information, fake emails and chats are all ways of capturing confidential information. The process is made to look so real that users who are not alert become easy prey for such messages.
A free download of a movie or music file embedded with malicious code gives a hacker an easy way to target a victim and obtain specific information. The victim's system is infected with malicious software that lets the hacker move deeper into the system.
Online scams
Pop-up windows flashing advertisements tempt victims into downloading or installing virus-laden software without realizing it. Trojans, worms, viruses and password capture form an integral part of the hacker's routine for infecting other systems. In addition, baits are laid on social media platforms and job portals, to name a few, to get people to share information.
How to protect yourself from potential attacks?
- Beware of the common tricks played by hackers.
- Think twice before sharing confidential information.
- Use a paper shredder to destroy documents containing passwords and confidential information.
- Set complex passwords that would be difficult to crack.
- Make sure your username and password are difficult to crack; this is called two-factor authentication.
- Security questions are another way a hacker gains additional access. Set stronger security questions.
- Be extra careful when using credit cards online. Make sure transactions happen through a secure portal.
- Flush out information from public databases that contain your private, confidential information.
- Beware of music and movie downloads.
- Secure your computing devices by installing appropriate firewall and anti-virus software.
With the above steps in mind, users must be exceptionally alert while surfing online or carrying out important online transactions. Step into the hacker's shoes to understand his motives; it then becomes much easier to protect yourself. To beat a hacker, think like one! Simplilearn offers a gamut of training courses in IT Security Management and quality training in Certified Ethical Hacking. Click to know more.