You’re Being Socially Engineered! Trust No One.

June 13, 2018 | Views: 2266


Social engineering is instinctual and necessary for the survival of many species. Some birds fake an injury to lure potential predators away from a nest. In humans, social engineering seems to start at infancy. A baby cries, and a parent comes to the rescue. Without these early signals, a baby might starve to death. Initially, this is a subconscious effort on the infant’s part. However, if you don’t proceed with caution, the infant will learn that he can get what he wants by crying or throwing a tantrum (as seen daily in supercenters and discount stores around the globe). And the next thing you know, you have a self-entitled teenager who feels you owe him a car because he wanted one. To those parents, I say, “Congratulations, you allowed a child to socially engineer you.”

Social Engineering

Social engineering can be described as a conscious effort to influence the attitude or behavior of a target. The target could be either large-scale, like a population, or the target could be a single individual.

When it comes to large-scale social engineering, governments, celebrities, and the news media seem to affect the most people. I’ve even seen local gas companies influence people by telling them, “We are running low on fuel, but we should have plenty as long as no one rushes to the pumps.” Guess what happened that afternoon: Everyone rushed to the pumps, filled up their tanks, and almost every pump ran dry.

Governments, at all levels, can make new laws and statements, pass budgets, provide welfare, or take various other actions to influence a community’s behavior. For instance, a local government could reduce a school tax for in-state tuition, which could influence more local students to stay in the area. This, in turn, would keep a younger generation from leaving the community, and local graduates could be more inclined to do their internships and job searching locally, which could further lead to more people, more jobs, and more taxes for the local government. Governments ‘should’ typically use social engineering to influence people to become safer, smarter, and/or stronger. However, sometimes, it is for their own personal gain, like increasing their own status or trading favors with elite groups.

Celebrities

People love their celebrities. Have you ever purchased a sports jersey, beverage, or medicine, or ordered a pizza simply because you saw a celebrity was supporting it? Did you like Papa John’s because of Peyton Manning? Did you visit GoDaddy.com because of Danica Patrick? Or maybe your political opinion of someone changed because of a statement made by a late night talk show host. Celebrities typically use social engineering to make themselves more popular, which usually leads to more money for them. However, there are several celebrities and athletes who do things for non-selfish reasons, like J.J. Watt, Gary Sinise, John Cena, Taylor Swift, and even President Trump, who, so far, has donated 100% of his presidential salary. Do these people expect something in return? These rare celebrities didn’t appear to do it for financial gain. On a personal note, President Trump isn’t my favorite person, but I will admit that he has impressed me so far. And the only reason I don’t dislike him is because I refuse to let social media socially engineer me. I’ve been questioning every article I read by asking “Why?” and “What is the media not telling me?”

The Media

News organizations have become informational poison. They spend BILLIONS of dollars in an attempt to influence their readers. They have become less about informing the population and more about pushing certain agendas to make themselves money. News organizations use various methods (TV, newspapers, and webpages). Henceforth, in this article, they will be referred to as “the media” or “media outlets.”

When the media provides you with information these days, you really need to ask these questions at a minimum: “Did they include all the facts?”; “Why did this media outlet say this?”; “What led up to this story?” For instance, rarely will a police officer shoot an unarmed citizen just because he can. What was the citizen doing? Was the citizen complying? Did the officer believe the citizen was dangerous? The media will usually say something like, “Officer shoots unarmed citizen while he was walking his dog.” What they don’t tell you is that the police responded to a potential threat, and the citizen didn’t comply in a safe fashion. Why does the media do this? Because “hate” creates controversy, and controversy and hate make people read more, which makes money for said media. Most major news agencies are great at only providing the facts that support their agenda. And you should get pissed for not knowing the entire story. Always ask “Why” at least two or three times before letting the media control your emotions.

Targeted Social Engineering!

Has a salesperson ever approached you in the mall and asked you to try a new product because it will clear up that disgusting mole on your neck? You know, the mole that kids used to make fun of, and you completely forgot about it until this salesperson ran up to you to tell you how much better you would look if you could hide it. So the painful memories set in, and he gets you to buy the product because it’ll make you look better, which will give you more confidence that will get you that promotion you wanted. Yup, that’s exactly what happens.

Tailgating and Piggybacking

Tailgating and piggybacking are different. Tailgating is when a person slips in behind an authorized person, without that person's knowledge, to gain access to an area he isn't authorized to enter; no social engineering is involved. Piggybacking is when a person tricks an authorized person into letting him into such an area. A piggybacker will usually have his hands full of something, possibly lunch, cake, or office supplies, or he could be faking a broken leg or say he forgot his badge on his desk.

Baiting

Baiting is the act of leaving a physical lure for a specific person or for whoever happens to find it. An attacker will save a piece of malware on external media (CD/DVD/USB/Floppy) and place it in a location (bathroom, elevator, theater, company restaurant, etc.) in hopes that someone will pick it up and load it onto their PC. An example would be an attacker who saves a key logger to a CD labeled “Confidential Company Quarterly Bonuses.” Who can say no to that?! However, the malicious item could also be a Fitbit, cell phone, or any other electronic device with the microphone or camera enabled to spy on whoever just picked it up.

The final category of social engineering is related to information security or cyber security. It includes both broadcast and targeted social engineering.

Broadcast Social Engineering

Broadcast social engineering can be baiting, click-baiting, or some forms of phishing.

Phishing

Phishing comes in various forms: spear phishing, clone phishing, and whaling. Phishing is an unsolicited email that is untailored and sent to a group or several groups of people with seemingly nothing or very little in common. The phish usually goes out to such a large group that the attacker just hopes a few people will become victims.

Spear Phishing

Spear phishing is like phishing, except that it is directed at a more targeted audience. The attacker has actually spent time researching a specific group of targets. The targeted group could be a school or company, and the attacker hopes to gain sensitive files or physical or network access.

Clone Phishing

Clone phishing is kind of like a man-in-the-middle attack. The attacker knows something specific about the target. The attacker might know that a company or employee was recently inspected and was expecting audit or inspection results, so he could coerce the target into providing additional material supposedly required to pass the inspection.

Whaling

Whaling is very similar to spear phishing, except that it targets a high profile individual like a CEO and is very detailed and specific. The attacker has probably spent time investigating his target via Google, Facebook, and other publicly available resources.

Conclusion

In short, when you read, see, or hear something, or witness an event as it happens, ask yourself, “Who did this? Why did this happen, or what caused this present situation? What do they want, or better yet, what’s the originator’s ‘end-game’?” And remember to validate everything, because very little can be trusted these days.

Not all social engineering is malicious, but everyone should be aware that it’s out there every day. When you become good at identifying it, it’s almost fun to search for and find.
