Social Engineering: The Science of Tricking People
What is Social Engineering?
Social engineering is an information security term referring to the act of manipulating or tricking people into sharing confidential information.
Have you seen a spy movie? Typically the Social Engineering attack is the scene where the main character tells lies in order to get past the guard at a corporate office or data center. They usually find out as much as they can about the company to sound legitimate.
In this day and age, it is difficult to “trust” people. Attacks come from every angle and it is important to be on your guard. Teach your kids about these scams and they can protect themselves. My rule of thumb is to be wary of any unsolicited communication!
On a lighter note, I have to share the clip from Ace Ventura. Here the Ace Ventura character is pretending to be a patient of the mental hospital in order to gain access to confidential files. I had to share! I don't know about you, but it is hilarious!
What types of social engineering attacks are there?
Social engineering can come in many forms:
E-mail is probably the most common social engineering attack. This is known as phishing. The attacker will pretend to be a legitimate company in order to get you to visit a malicious site or to gather information from you. See my post on How to detect Phishing?
Social Network
Social networks are a prime place for a social engineering attack. Random friend requests are not very successful. I know most people would not accept a friend request from someone they didn't know. However, what if your friend's Facebook account is hacked? Your 'friend' could start messaging you on Facebook about how they are in the middle of an emergency and only need a small amount of money to rescue them. Use your gut feeling to know if you should respond to friend communications or requests. If you have their phone number Is it normal? See my post on Social Media Scams
Text Message
Ever get a random text with a link? Don't open it! Don't click on the link. These unsolicited text messages are a form of social engineering. The attacker wants you to click on the link, which leads to a website laden with malware. You may have signed up for a text message notification service. Keep track of your notifications. Do not open or click on unsolicited text messages! The text is most likely spam.
Phone Call
Have you ever received a phone call stating that there is a problem with your computer and it is causing a lot of “problems” on the network? This is a common scam and usually routes through a local phone number. I helped my mother-in-law with this very scam. Whether at work or at home, IT Support will not call you randomly. See my post: Don’t Accept ‘Free’ IT Support from Random Callers
Baiting
Have you ever found a USB key? What is the first thing you do to find the owner? You probably put it in your computer to see if you can find a name in one of the files. Someone leaving it after a party or student gathering is one thing. You should never use a USB key that was found in a public location (parking lot, restaurant, etc.). These USB key devices could be loaded with lots of malware that could take over your system without your knowledge.
How do I protect myself from Social Engineering?
The best way to protect yourself is to develop a healthy habit of skepticism. Not everyone is out to get you, but before you can establish a relationship of trust with someone or a business, keep your personal information safe. (See my post on protecting personal information.) It is o.k. to be generous and to be a helpful stranger, just don't give away information that could leave you a victim of a social engineering attack.
2 Responses to “Social Engineering: The Science of Tricking People”
I had a call once about my computer having a virus. When I didn’t cooperate with the caller, he made very graphic, sexual comments.
Thanks for sharing! When I spoke with the caller for my mother-in-law the caller was really rude and angry. I feel bad for those who didn’t know better. Typically they get people to ‘buy’ software which installs malware on their computer.