“Everything should be kept as simple as possible, but not simpler.” – Albert Einstein
The definition of social engineering is the delivery or application of sociological principles towards specific social difficulties and problems!
It’s not what you know about what people can do to you, it’s what you don’t know about what people can do!
Social engineering can be used in a sinister way against you and is a skill which involves the manipulation of people so that you hand over your own private confidential data and feel comfortable in doing so.
There can be varied reasons for people wanting to extract information from you, but the main reason is often criminal activity: the criminal is attempting to deceive you into handing over your financial bank information and passwords for online accounts, or to gain access to your computer, which in turn will allow them to hack into your stored data and add or remove items without you knowing it.
People with criminal intent wishing to exploit you can use skills called social engineering to take things of value from you. It is easier for them to manipulate or exploit your own natural tendency to trust people and be nice in order to get what they want!
It is very difficult for a hacker to gain access to someone’s password directly, and it requires hard work. It is much easier for them to manipulate or fool you into trusting them, so that you hand it over to them directly because you trusted them. There are many ways that this can be done, and it is often outside or beneath your own radar!
The banks are always telling us never to trust anyone at face value and that no bank will ever ask for your personal data over the phone or in an e-mail, and yet thousands of people are still handing over their personally identifiable information, which includes passwords and access to their financial information. This is happening daily around the world on a huge scale and is resulting in millions of pounds of loss and theft.
Here is a good example:
Imagine you live in a mansion or a fortress and there is a crocodile-infested moat outside, ferocious guard dogs (Dobermans, German Shepherds and Rottweilers) patrolling your property along with an armed guard with a loaded gun, floodlights and alarm systems, barbed wire fences connected to the electricity supply, tripwires and so on.
You feel safe and you feel protected, but the smiling, friendly face at the entrance to your property leads you to believe that they are your friend, or may become your friend, and you trust them. Even with all this security and protection you let them in – because you trusted them – they are delivering your pizza or takeaway!
A police officer may call unexpectedly at your property in an alert and concerned state, asking to use your phone due to an emergency, and you let him in without checking his identification. This leaves you completely open and vulnerable to attack, simply because he’s not a real police officer. Even if you did ask to see his credentials, in the heat of the moment you may still not be able to tell the difference between a fake and a real ID, especially if he is a good actor.
Even if we do take time to check the credentials, when we are presented with an urgent scenario we are not going to go to the telephone and sit waiting for confirmation of this ID whilst there is an emergency of some kind which we have just been led to believe in.
All that security and you just let the threat in – bang, bang, bang on the door, then a police officer appears in an alarmed, concerned state asking for your assistance, and you reacted with your natural tendency or inclination to trust that person because it seemed real. You have just been had; you’ve just been taken unexpectedly, as the person was operating outside your own radar and they broke through your vigilance.
How vulnerable are you now?
This is just one of many examples that can take you by surprise and give you no time to think.
Let’s say you’re sitting at your computer and you receive an e-mail from someone you know and trust, such as a friend or colleague. They ask you to view a link for whatever reason, and out of curiosity you click that link because you know your friend would never have sent it if it weren’t of some value or interest. You click the link and your system is now infected with malware, which even bypasses your anti-spam software. Your machine is taken over without you knowing it, allowing the intruder to take over your address book and other contact lists, which can result in those contacts being deceived the same way as you just were, and so on to the others.
You just let the threat in because of trust!
They can now use your own trust and integrity to manipulate other people who know you. They are in effect imitating you by pretending to be you, and all your friends and colleagues will act upon the same trust as you did.
It doesn’t have to be a link either; it can be a picture, a sound track, etc.
Now they’re in a better position to ask for money, urgent financial help and so on.
Additionally, you may be asked to verify certain information, such as to confirm passwords or login/user details, especially if they are pretending to be someone from support or someone you already trust, such as a web designer, technical support, student assist and the like.
Don’t buy the crook’s story!
These are just a few examples of how people can enter your computer, where you store all your personal information. Once they have one of your passwords they may be able to access all your social media accounts, PayPal or bank account details and even eBay or Amazon.
Most exploits lead you to act automatically without thinking, or evoke an anxious or urgent response within you so that you act automatically based on trust or concern over a matter.
Social engineering is used by hackers and scammers who rely heavily on manipulation and deception. They trick you into trusting them by making you believe they are somebody else, in such a way that you don’t have time to think but rather act upon the suggestion they have presented you with.
There are literally thousands of deception tactics and approaches including cons that appeal to your ego or your vanity, greed or even selfishness. Be aware of Baiting, Phishing, Pretexting, Scareware, Spear Phishing, Email Links, requests from banks or charities.
How needy and vain are you?
Copyright Open College UK Ltd