
Social Engineering – The Most Powerful Part of Hacking!

Social Engineering | Powerful Hacking | 16th December 2022 | Virtual Wire



You might be wondering what social engineering is, or assuming it is another branch of engineering or hacking that requires big machines. It may surprise you to find out that it is simple yet powerful.

Now the big question: What Is Social Engineering?


Social engineering in hacking simply means psychologically manipulating people into giving up confidential information or performing an action. This confidential information can include passwords, bank information and other private information. Apart from stealing someone’s identity, including a bank account or credit card, social engineering can be used to obtain a company or organization's top secrets, or to attack national security. From an attacker's point of view, why waste time trying to work out someone's sensitive information with other hacking techniques when you can interact directly with the victim and get the most accurate information? It is the most powerful because it is simple yet very effective.

To better understand what social engineering really means, let’s discuss the types.

What Does Social Engineering Look Like?


Over 70% of data breaches are due to social engineering. Do you see how powerful it is? Let’s dive into what it looks like. You might have been a victim of it in the past, be one right now, or be a potential victim.

Receiving An Email Or Text From An Assumed Trusted Source (Phishing)


Have you ever received a text from a friend saying they urgently need you to send money or something important? Or a call or an email from your bank telling you to click on a link, or asking for confidential information about your account and giving you a deadline, or else your account will be blocked? Or an email from your boss asking for something confidential about you or the company? Whether or not you received such a message, and whether or not you fell victim, that is called Social Engineering. In cybersecurity, this aspect of social engineering is called Phishing (pronounced "fishing"). Phishing is a type of social engineering in which a target is contacted by phone call, text message or email by someone who looks like they’re from a legitimate source, company or website. It is the most common type of social engineering.

Common Features Of Phishing


  • Demanding Money or Sensitive Information - A phishing attacker is only after two things, money or data.

  • Sense of Urgency - They demand that you act immediately or give you a short span of time to act.

  • Threat - They threaten that something terrible will happen if you don’t act immediately. Example: “Your account will be blocked if you don’t provide the details.” Sometimes you get warnings like “ACCOUNT SUSPENSIONS PENDING”, “LAST WARNING” etc.

  • Unfamiliar Request - Your bank asking you to provide confidential information about your account is totally odd. Again, why would your colleague ask you for your company login details? The request usually doesn’t look or feel normal.

  • Unfamiliar Greetings - Your friend only ever calls you by a nickname, but you receive a message where he uses your complete name; or your bank usually addresses you by your first name, but you receive an email addressing you as “esteemed customer”.

  • Grammatical Errors - This is one of the common features. Banks wouldn’t be sending emails with grammatical or spelling errors. That is not professional.

  • Suspicious Attachments - Usually, the message includes a website link that it demands you click on, or a link to download something.
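
The features listed above can be turned into a simple triage check. The following is an added example, not part of the original article: it scans a raw email for the money/data request, urgency, threat and generic-greeting features, and (going one step beyond the list) flags links whose host is not on the sender's domain. The indicator patterns, function names and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Indicator patterns are constructed for this example; tune them for real mail.
INDICATORS = {
    "asks_for_money_or_data": r"\b(password|pin|card number|login details|send money|account details)\b",
    "urgency": r"\b(immediately|urgent(ly)?|within \d+ (hours?|days?)|right away)\b",
    "threat": r"\b(will be (blocked|suspended|closed)|last warning|suspensions? pending)\b",
    "generic_greeting": r"\b(esteemed|dear|valued) (customer|user|client)\b",
}

def sender_domain(msg):
    """Return the domain part of the From address, lowercased."""
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""

def off_domain_links(body, domain):
    """Hosts of links that are not the sender's domain or a subdomain of it."""
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s>\"']+", body)]
    return [h for h in hosts if not (h == domain or h.endswith("." + domain))]

def phishing_indicators(raw):
    """Return the sorted list of indicator names found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hits = [name for name, pat in INDICATORS.items() if re.search(pat, text)]
    if off_domain_links(body, sender_domain(msg)):
        hits.append("link_not_on_sender_domain")
    return sorted(hits)

# Constructed sample messages (example.com / example.net are reserved domains).
SUSPICIOUS = """From: Your Bank <support@bank.example.com>
Subject: LAST WARNING

Esteemed customer, your account will be blocked if you don't provide
the details. Confirm your password immediately: http://verify.example.net/login
"""
BENIGN = """From: Your Bank <statements@bank.example.com>
Subject: Your December statement

Hi Ada, your statement is ready at https://online.bank.example.com/statements
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, phishing_indicators(raw))
```

A message that trips several indicators at once deserves a second look; a single hit such as a generic greeting is weak evidence on its own.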



Baiting is a type of social engineering attack whereby an attacker lures the victim into a trap by making falsely appealing promises to steal their sensitive information. Unlike phishing, there is a promise of a reward or an attractive hard-to-refuse offer. This is used to entice the victims. It uses physical media and relies on the curiosity or greed of the victim.

Common Features Of Baiting


  • Hard-To-Refuse Offers - We love free things and discounts. Unfortunately, hackers also know this, and it is what they use to bait their victims. Many successful baiting attacks start with emails offering everything from free downloadable content to discount coupons to free devices like mobile phones. Targets are then asked to enter their information to open a user account, which they are told they will use to claim the offer.

  • Free Online Downloads - Before you download any free app, ask yourself why anyone is offering it for free. It could be a malicious app that contains malware. Don't rush to download free things.

What Do Social Engineers Feed On?


  • They feed on our trust - This is why, in phishing, they act as a trusted source in order to attack us.

  • They feed on our greed - We love discounts and free things, and this is exactly what they use to bait us.

  • They feed on our desperation - They make an appealing offer that the target desperately needs. For example, they send a message saying the target has won a lottery.

What Is The Best Countermeasure (Solution) Against Social Engineering?


The best and most effective countermeasure against social engineering is education and awareness. Knowing about social engineering and its methods is the best way to fight it. No matter how secure your organization is, it takes only a single employee disclosing its most sensitive information to render all those security measures useless. You can’t protect yourself against a danger you don’t know about, which is why the most effective method is knowing about it and knowing its ways.

There are other types of social engineering, but the types above top the list.


In order to protect yourself:

  • Be vigilant and think critically before sending money or clicking on any link.

  • Question everything that doesn’t seem normal.

  • No matter how good that offer is, question why it is offered to you.

  • Don’t provide personal information or passwords over email or over the phone.

  • Verify a request’s authenticity by contacting the company directly.

  • Don’t provide information about your organization.
