February 17, 2019
Social Engineering: A social way to exploit computers
Have you ever gotten an email titled something like “You have an outstanding invoice” or “YOU ARE THE LUCKY WINNER!!!!” and (hopefully) as quickly as you saw it, deleted it?
Well, this is a form of social engineering. Social engineering takes many forms and the above example is one of the many ways attackers will try to exploit you and your computer.
Phishing is the most common example of social engineering, and it is the example that I gave at the start. Phishing is very common in today’s interconnected age. The message appears to be a benign email; however, under the surface, the downloadable attachment or linked website holds a ton of malware waiting for your click or visit.
Once clicked, this malware or site performs its devious task (which could be one of many things, including stealing your information, giving you a virus, or turning your computer into a bot; the list goes on…).
Phishing also has many variants, like SMSing or vishing, which have many similarities to phishing. They often employ the same techniques, and often the only difference is the means of communication: SMSing uses texting, and vishing uses the telephone.
Tailgating / Impersonating
Tailgating and impersonating are very clever and often successful means of obtaining a goal. Tailgating is following a person (who actually is allowed to be in this place) through an entranceway to enter a restricted area. Impersonating is the act of pretending to be someone you are not, then using this fake persona to gain access.
The people who do this have various goals in mind, from entering an office to steal sensitive files to just wanting to sneak into a concert for free. Social engineering works its wonders around us every day; it doesn’t just have to be with computers.
Yes, even digging through the trash can be considered social engineering. People will often throw away sensitive information without destroying it first, such as passwords on sticky notes, a USB drive or a hard drive. Dumpster diving is relatively simple and can yield highly sensitive information if that material is not disposed of properly.
Looking over someone’s shoulder is often nothing more than a friend who will not stop looking at your screen, but attackers can also use it to steal information.
They can watch as you enter your social media username and password, then enter them again later to get into your account. Another great example is your PIN at an ATM, although these (thankfully) have safeguards such as the opaque block, so people have a harder time seeing what you are entering.
Each of these attacks and methods has a few things in common. Mainly, they are all social engineering, but they also share the tactics they employ. They prey on people’s trusting nature and their curiosity, and they sometimes employ fear tactics or make the victim think the matter is urgent.
Luckily, steps can be taken to prevent this. As always, step one is to educate yourself further on these attacks: know what they look like and the best ways to prevent them from happening again, which will vary from situation to situation. Other safeguards depend on which attack you are trying to prevent; for example, an anti-spam filter will cut down on phishing emails.