Social engineering, in simple terms, refers to the manipulation of people by acquiring confidential information from them which is primarily done by exploiting them psychologically.
It is not the same as hacking but is primarily concerned with playing with one’s mind or confidence to extract the privileged information.
Social engineering tactics consist of acquiring the information that may vary from your computer password to your bank information. It is as similar to the TV show The Mentalist, where the protagonist Patrick Jane often uses pretexting to trick criminals into confessing to the crimes they committed.
Likewise, we can say it corresponds to the lack of knowledge of people about the protection and security of the use of their personal data.
Let’s talk about some examples of social engineering to understand it in a better way!
Some techniques and classic examples of social engineering are:
This occurs when the attacker counterfeits the supposed victim to gain access to his private data. According to Sal Lifrieri, a 20-year veteran of the New York City Police Department, the criminal tries to make the person feel comfortable with familiarity. They might learn the corporate lingo so the person on the other end thinks they are an insider.
This technique can be used to fool businesses, co-workers, banks and even the police authorities!
All the attacker is required to do is make up a perception of his goodwill and authenticity in the mind of his target.
In addition, sometimes an authoritative voice and the claim of having a genuine background can make the task plain sailing!
As stated earlier, in this techniques also, the phisher can send an e-mail to the target. The e-mail appears to come from a verified background —a bank, or credit card company—requesting “verification” of information.
The scenario is created in such a manner that the recipient is compelled into installing malware on their device, particularly through E-mail. By the same token, the information entered gets stolen and revealed. ( Read about the top social engineering scams in 2017)
The worst phishing attacks include making charity pleas from people after natural disasters or tragedies, exploiting people’s to make grants and donations by inputting the payment details!
QUID PRO QUO
Quid pro quo means something for something. As the name suggests, this social engineering technique prompts and influences the person involved.
Basically, to share the information in return for something desirable. It can be in return of some ‘help’, compensation or even a free gift!
In a 2003 information security survey, 90% of office workers gave researchers what they claimed was their password in answer to a survey question in exchange for a cheap pen.
Too good to be true? Yes, it is! (Also read about India’s first mobile food testing lab inaugurated in Goa)
The Role of the Social Network and its alarming Effect!
Recent social engineering attacks indicate how social networking sites have made social engineering attacks easier to administer. Furthermore has become very convenient for social engineers to visit the LinkedIn profiles and Facebook profiles of companies and their workers. By which enough information can be gathered to block an attack.
Online scams sway their targets by means of fear and even curiosity. For instance, by the means of breaking news events, holidays, pop culture and so on.
How to stop social engineering: Awareness and prevention plan
Social engineering awareness is becoming crucial to make people aware of it and teach them its corresponding prevention. Likewise, the companies and we individuals can adopt the following measures to circumvent such scams and attacks
- Educate. Educate yourself and your employees. If we wouldn’t know about it in the first place itself, how are we going to defend ourselves against it?
- Be careful of what information you are disclosing. This also considers the verbal communication you make with your friends and co-workers.
- Explain your policy by giving examples. Forwarding the emails drafted in the legal language won’t be adequate. Create scenarios and demonstrate the probable social engineering attacks.
- Do not click on embedded links in emails, especially from an unknown sender. In case the sender is known, verify the genuineness of the structure of the email, beforehand.
- Keep your software updated. “A lot of the information given out really would not be damaging if the target keeps his software up to date”- Chris Hadnagy.
- Last but not the least, trust your intuitions. If you get a feeling that someone is asking for any information that shouldn’t be disclosed, do not share it!