Social Engineering - Everything You Need to Know
In today's world of strong encryption and near-impenetrable software, more and more hackers are turning to social engineering to get things done. Before I go any further, let's define "social engineering".
Social engineering, in the context of information security, refers to the psychological manipulation of people into performing actions or divulging confidential information.
It basically means that the person doing the social engineering is trying to get someone to do something for them, such as hand over sensitive information or grant unauthorized access.
This is a huge issue for companies with lots of employees who could easily fall prey to such tactics. In fact, of all the attacks a company weathers, this one is possibly the most successful. So beware!
Techniques
Phishing - Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account details by masquerading as a reputable entity or person in email, IM or other communication channels. Have you ever gone through the spam folder of your email account and found tons of legitimate-looking emails asking you to send money in order to receive a lot more money (especially from Nigeria), or to reset and change your password? Yup, those are phishing emails. Everyone gets them and, surprisingly, some people fall for them (though mostly only older people). Like I said earlier, they come in the form of emails, messages, SMSes, or any other kind of online communication.
Attachment Emails - Somewhat related to phishing emails, these are emails with a file attached to them. They are sent with a message usually claiming that the attached files are top secret, in the hope that you will open them. Don't! It's almost always a virus or some other form of malware. Most ransomware is also transmitted in this manner.
Malicious Code Emails - These are emails sent to people with a bunch of scrambled symbols in them. Most of the time they have a note at the bottom saying that you should enable macros to view the message (Outlook and certain other clients support this). If you, the innocent victim, do enable macros, malicious code will be executed on your computer, installing malware.
Calling - Many business-related social engineering attacks are made this way: over the phone. The attackers call the company posing either as an employee or as a customer who lost their password, card, etc. They try to get the person on the other end of the call to give them whatever they want, and they know how to make the request sound genuine. This has been surprisingly successful. Businesses have started training employees to counter such attacks.
Social engineers also contact normal people in this way, with similar results.
How to Guard Yourself Against Them
- The best way to safeguard against social engineering is common sense, since such attacks specifically target the person emotionally.
- Check the originating email address of an email. Even if it looks legit, it can easily be spoofed. If you're not sure, contact an official email address you already know for the company and find out whether the email is real.
- Realize that no business, bank or credit card company will ever ask for a password or PIN code. Don't ever give it away to anyone!
- Don't open attachments or enable macros unless you're 100% sure they're safe. Get an antivirus that can scan email attachments.
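As an added example (not part of the original post), here is a small header check that backs up the "the sender address can be spoofed" point above: it compares the visible From domain with the Reply-To and Return-Path domains and reads the SPF/DKIM/DMARC verdicts the receiving server recorded. The two sample messages and all domains in them are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample messages (not real mail) illustrating the checks below.
PHISH = """\
From: "Bank Support" <support@example-bank.com>
Reply-To: help-desk@mail-example.net
Return-Path: <bounce@mail-example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-example.net; dkim=none
Subject: Reset your password now

Please reset your password using the link below.
"""

CLEAN = """\
From: "Bank Support" <support@example-bank.com>
Return-Path: <bounce@example-bank.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example-bank.com; dkim=pass header.d=example-bank.com
Subject: Your monthly statement

Your statement is attached.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def check_headers(raw):
    """Return a list of reasons the message looks spoofed (empty = no red flags)."""
    msg = email.message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # Replies or bounces routed to a different domain than the visible sender
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving mail server (SPF/DKIM/DMARC)
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth or f"{mech}=softfail" in auth:
            findings.append(f"{mech.upper()} failed")
        elif f"{mech}=none" in auth:
            findings.append(f"{mech.upper()} absent")
    return findings
```

A "From" line that passes this check is still no proof of legitimacy; the point is that mismatches and failed verdicts are cheap, reliable red flags worth looking at before trusting a message.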
That's it folks! Remember to upvote, follow and resteem if you liked it!
I work in cyber security and social engineering is used as a favourite method by cyber crims... Great read - have an upvote :)
It's crazy how easily it works sometimes. Companies are always late to the game with detection.
Very nice post. Social Engineering is a very overlooked hole. Human kindness is so easily exploited by the people in the know.
Kevin Mitnick, one of the legends