When you hear of frauds that trick or dupe people out of their money using fake credit cards, or of break-ins to Government websites or private social media accounts, you cannot remain unaffected. You may wonder how these people do this when there are so many IT Security tools being used. In this blog post, you will get to know more about ‘Social Engineering’.
The term ‘Social Engineering’ to an ordinary person could mean something beneficial, something to do with the ‘social’ aspect of Engineering (like electrical, mechanical or chemical engineering). However, it has an opposite meaning: it refers to the different methods used to manipulate people into granting access to buildings or systems, or into sharing confidential information, in order to commit fraud. The most harmless way of using social engineering is seen in any household – a child getting her way with her father to buy her favorite toy. The same principle of manipulation is applied to different situations with different people.
Kevin Mitnick, the reformed computer criminal who is now a security consultant, stated, “The weakest link in the security chain is the human element.” The only purpose of social engineers is to gain the trust of an individual so that he or she shares crucial information that the engineers can use to make financial gain, steal one’s identity or prepare for a more targeted attack.
Forbes magazine predicted Social Engineering to be one of the greatest cyber security threats in 2013, and we have been a witness to many such attacks on corporate organizations and social media sites.
With information technology spreading its wings over all aspects of human interaction in the areas of education, banking, shopping, social media etc., the threat of social engineering is equally felt. Social Engineers try to build trust and gather information by various means, or even develop a relationship with their victims, which they can exploit or use to perform actions that serve their purpose.
There are different ways by which a social engineer can trick people, such as:
Pretexting is the most commonly and widely used technique, where a person assumes a false identity to gather personal information.
Shoulder Surfing is when someone watches over your shoulder while you key in a password on a laptop, make a banking transaction, use an ATM card, etc.
Diverting Theft, also known as corner game, is when the person convinces a courier or transport company that he/she is actually the intended person to receive the consignment.
Dumpster Diving is when someone goes through the trash to gain information from bits of paper with passwords, addresses or e-mail IDs.
Phishing is an Internet fraud, where an e-mail appears to come from a legitimate business (a bank or credit card company) requesting “verification” of personal information and warning of serious consequences if it is not provided.
Tailgating is when a person gains entry into a physical facility through bluffing or fooling a legitimate person.
Baiting uses an infected CD or device left unattended in a place to arouse a person’s curiosity to check its contents on a system, thereby compromising the system.
Quid pro quo, also known as “give and take policy”, is said to be used when the person offers help, usually a gift or technical support, in exchange for personal information.
Fake Pop-ups are programs designed to appear in the middle of legitimate work, telling the person to re-enter his/her ID and password to resume work because of a network connectivity problem, thereby capturing personal information.
In summary, the above methods are used to get personal details that you would never reveal under ordinary circumstances. If companies and social media sites like Google and Facebook were not spared by cyber-attacks, less prepared people will only be caught unaware. Being aware of ‘Social Engineering’ not only alerts you to the schemes used by ill-intentioned people but also prepares you to defeat their plans. As Miguel de Cervantes said, “Forewarned, forearmed; to be prepared is half the victory.”
To learn more about how to protect yourself online, you can visit the Safe Space website.