Engineers are people who are loved for their intelligence and innovation, but a social engineer is not one of those. The term is used loosely to describe the act of tricking someone into revealing information or taking an action, usually through the use of technology. The concept of social engineering is to take advantage of a potential victim's anticipated or fairly obvious tendencies. But first know this: social engineering is everywhere, online and offline. Technology or not, your data is now worth a lot more than you think.
Every aspect of our daily lives revolves around the use of technology. It seems like it's always been that way, although the iPhone is only as old as your youngest teenager. They grow fast. Online crime, however, is much older. Bad guys always use the latest sophisticated tools to gain something or another, whether it was a plastic credit card to get access to your door or a well-written piece of software that grabs and shares all of your personal data. Data science continues to evolve as one of the most promising and in-demand career paths for skilled professionals.
The Most Common Social Engineering Attacks
Phishing & Vishing – A well-known method in which a target receives an email or text from someone pretending to be a genuine organization, to lure individuals into providing sensitive data such as social security numbers, personal information, bank and/or credit card details, and passcodes. Despite its fame, it remains quite successful. Phishing attacks are the most common type of attack leveraging social engineering techniques. An imposter sends emails that appear to come from a source trusted by the would-be victims, such as the utility company or the bank, asking the recipient to click on a link that seems proper and real to update their password or confirm user information. That link, however, leads to a malicious website that looks as real as the email, to get the user to enter login/password details. If they log in, they have potentially fallen victim and handed over their personal credentials, giving the criminal access to their bank accounts. Vishing is the voice version of phishing. "V" stands for voice, but otherwise the scam attempt is the same. The criminal makes a phone call to a victim, pretending to be from a trusted entity, to trick them into handing over valuable information.
Baiting – Similar to phishing, baiting involves offering something enticing to an end user in exchange for login information or personal data. The person dangling the bait wants to tempt the victim into taking action, similar to a fish reacting to a worm on a hook. A typical example is when a cybercriminal leaves a USB labeled "Private" or "Classified" in an open area such as a hotel lobby, where a victim becomes curious to see its contents. Once plugged in, the malware automatically injects itself into the computer, seizing all possible data and sending it to the criminal via the computer's internet connection. All without any action from the victim at all.
Tailgating – Commonly known as piggybacking, this is when an unauthorized person physically follows an authorized person into a restricted corporate area or even through an entry gate to a community or building. One very common method of piggybacking is when a hacker calls out to an employee or resident to hold a door open for them because they've forgotten their access card. That same approach can be used when an imposter requests to "borrow" your laptop for a few minutes, during which the criminal can very quickly install malicious software.
The list can go on and on, but the idea is that social engineering scams are the art of deception, used by evil-minded people to nourish their greed for money.
Being aware of how these sorts of things work is fundamental to protecting yourself, at home or at work. Aside from education, perception is common sense. There are many ways to reduce the risk of being hacked. Everyone should be aware not to open emails or click links from unknown sources. For example, confirm by visiting your bank website directly and not by clicking on links in suspicious emails. Your personal devices should never be shared with just anyone, not even for a moment. By default, put a password on your phone or personal device and set it to automatically lock when left idle for longer than a few minutes (five is probably a good start). If it sounds too odd to be true, it most likely is. Seriously, how likely is it that a Nigerian prince would reach out to you for financial assistance? Investigate any requests for money, personal information, or any item of value before handing it over. If you do not know the source, then follow a zero-trust policy. There's a pretty good chance it's a scam — and even if it's not, better to be safe than sorry.