Why You Need to Know about Social Engineering
Out of all the hacking techniques, there is one that will not be protected against by your average antivirus, blocked by a good firewall or buffered by a particular operating system. That is social engineering, a technique that’s as old as time, but particularly dangerous when combined with digital devices.
What is Social Engineering?
A long time ago, many people got emails from people pretending to be princes in African countries. They build up a rapport before asking them to send over money with the promise that they’ll send twice as much money when they get access to their finances. This still goes on today. Social engineering is building trust in this way, manipulating people, and trying to build up confidence before asking individuals to do things. More recently, the hackers who posted tweets from Barack Obama, Jeff Bezos, and more saying they want to ‘give back to society’ and claiming they’d double bitcoins sent to their address were social engineering on a grand scale.
How Can You Protect from Social Engineering?
How can you protect yourself from fraud? It can be really tough, as conmen specialize in getting you to have confidence in them. You should not believe anything that sounds too good to be true, but social engineers will often target those who are more inclined to believe them. If you have an excellent IT support service, you can ask them to help to protect you, like Capstone IT Services (Florida) with their CyberShield security system, which helps to protect data from social engineering scams. Two-factor authentication for important data, putting a lock on important files, and even just asking experts for help can all reduce the damage done by social engineering.
Types of Attacks.
The most popular type of social engineering strike is called Phishing. It involves the social engineer recreating a website or support portal of a company that you trust and sending links to targets through emails or social media platforms, often spoofed to look like they come from people that they trust. The victim ends up revealing personal information and security information like credit card details. Many phishermen will evoke a sense of urgency and make it seem like something bad will happen if an issue isn’t resolved immediately – like claiming they are the IRS. You need to enter credit card information for an audit or face jail.
Spear Phishing is another attack that requires a bit more effort as it is a more personalized form of Phishing – making the attack seem unique to the victim will often increase the chance of the attack being successful.
Vishing is a particularly nasty type of social engineering. It involves the engineers picking a reputable company, recreating the interactive voice response that those companies use to help their customer support, attaching that to a toll-free number, and then tricking people into calling the number and entering their details. Most people don’t expect Phishing to attack them past the internet, so they are more likely to give away sensitive information in this context.