We all keep hearing about terrifying hacks that result in extensive financial and data losses. Hacks that leave whole networks infected by some complex malware or program. A recent example of this is of course ‘WannaCry’, the malware which encrypted data and charged a ransom for its recovery.
Obtaining someone’s data doesn’t always need to be a complex operation however. Imagine a hacking technique that requires no knowledge of intricate coding or technical skill whatsoever. A technique that basically anyone can carry out.
Welcome to Social Engineering.
What is Social Engineering?
“(In the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”
The above definition essentially describes all hacking and scamming methods. However, the key difference with social engineering is that it doesn’t need to be technical or sophisticated. It can be as simple as directly asking someone for their password.
There is no need to invest substantial amounts of money developing methodical hacking software when you can just trick someone mentally.
A Brief History:
The idea of manipulating people into unwittingly providing their personal details was occurring long before the invention of computers. Social engineers have been deceiving victims from arguably the beginning of humanity. Although social engineering may have only become a buzzword in recent times, the practices have been carried out for generations.
Here’s an example we all remember. The legendary Trojan Horse that instigated the fall of Troy. The Trojans were under the impression they had received a gift of a giant wooden horse. Obviously, this wasn’t the case. The horse was in fact a trap and the Trojans fell for the bait.
This is of course where the computing term ‘trojan’ comes from (malware disguised as legitimate software). Social engineering works on the same principle of fooling the victim. Acquiring passwords and bank details is the main objective nowadays of course. Whether the next aim is to take down a city such as Troy remains to be seen.
Current Methods:
Now that we understand what Social Engineering is, let’s examine current methods in circulation. Remember, the hacker tries to fool the victim by posing as a genuine, trustworthy person. Here are a few techniques you may have been on the receiving end of previously:
- Attacker manages to hack a friend’s email account (“Please could you send me $500?…”)
- Distressed phone call or email asking for help (“I’m stranded without money…”)
- Calling on behalf of a false charity fundraiser (“Help us put an end to disease X…”)
- Phishing emails (See previous blog: https://bangitsolutions.com/phishing-think-click)
- Response to a question you never asked (“I’m calling about a recent claim you made”)
A Potential Real-Life Scenario:
“Hello there, it’s Joe from IT. As you may or may not be aware, we are currently rolling out some updates and will need to jump on your PC at some stage. Please can you send me your email address and password and I’ll get your PC updated as soon as possible…”
Suppose the would-be hacker is targeting a big law firm. The probability of the firm’s PCs needing updates at some stage is very high. This phone call wouldn’t necessarily alert the victim, because the procedure it describes sounds routine. So straight off the bat, the hacker is exploiting a potential victim’s trust without asking anything out of the ordinary.
Furthermore, if the hacker wanted to seem more genuine, it wouldn’t take long to do a bit of research. A simple Google search could identify enough details about this particular law firm to satisfy the victim. Once the hacker has learnt the location of the office and the names of certain employees (CEO, IT Manager etc.), they can present themselves more convincingly.
“Hi, it’s Joe from the L.A. office. Kevin Jones, our IT Manager, has asked us to update all the PCs ASAP due to a potential security breach. Please can you send me your email address and password and I’ll get your PC updated as soon as possible…”
Would you be fooled here? Can you see how easy it might be for someone to fall for this?
Closing Note:
The approaches hackers are using to steal your data are ever-growing and constantly evolving. Be as vigilant as you can and scrutinize everything. Never give out confidential information unless you are 100% sure that the person you are divulging it to is who they say they are. Just being aware of the methods we have discussed will help you to stay one step ahead of a hacker.
Don’t be the next victim!
If you would like to speak to a security specialist today, please call us on 1300 770035. Alternatively, send an email to security@bangitsolutions.com.