We all have confidential information we keep secure, but all too often, we underestimate hackers. Hackers patiently steal information over time. Like a jigsaw puzzle gradually building a complete picture, a hacker gathers pieces and builds their puzzle using social engineering as well as computer hacking techniques until they have enough to pull off the perfect crime.
What is Social Engineering?
Social engineering is taking advantage of people’s naivety or openness and using that to reveal otherwise confidential information. Often, this specific information they garnish leads to a focused attack on their target. Depending upon the overall objective,they might have just your password in their sights, or worse, your bank account. Savvy hackers will socially engineer their way into your PC through malicious software without ever touching your computer. Hackers must be convincing in order to fool you into thinking you are engaged with a business associate, friend, or family member. The techniques hackers employ all come down to testing your level of trust.
Popular Social Engineering Attacks
Most hackers would never directly ask you for your password. However, if the hacker follows you and pretends to be your friend on a social media site (Twitter and Facebook are filled with useful and telling information about a person) in order to learn more about you and your daily activities, friends, likes, etc., they have created an opportunity for themselves to get you to share your password. Couple this with an effective phishing attack, and you have the makings of full on identity theft. Phishing emails can target one or thousands of users of a social network all at once. These emails can come in the form of a harmless comment or ‘like’ status updates along with the usual login prompt for users. By clicking on that login, the user is now unknowingly being directed to the hacker’s fake Website, which will collect all usernames and passwords.
Once you have divulged your password, the hacker immediately begins testing your password on numerous other Websites, hoping you reuse your password across multiple sites and sure enough—BINGO! They log onto your bank site, as they know your username (your email) and your reused password. And now that they know you’re a member of Facebook, it’s not difficult for them to get ‘friended’ by you or someone you know in order to peruse your Facebook page for answers to the most common security questions such as, “What high school did you graduate from?” Security questions and answers such as these now give the hacker even more of a foothold on your digital identity. From there, it’s just a matter of logging into your banking account and changing your login password and security answers to siphon funds out before you realize you have been locked out of your account.
Social engineering hack attacks are effective because we are all social in varying degrees, and the Internet is designed to connect us all equally and sometimes anonymously. Next time, before you post that innocent status update or open that email from a friend, take a moment to remember that there might be someone else on the other end of that message whom you do not want to know.
By Scott Schober, President, CEO, and cyber security expert, Berkeley Varitronics
Systems, Inc. email@example.com