Social engineering is a set of psychological techniques used to gain access to information. It is often incorrectly assumed that social engineering is used exclusively in cyber fraud and other illegal activities, but that’s not quite the case, as it has a broad range of applications: from tracking down criminals and conducting business negotiations to a variety of uses in politics.
The term ‘social engineering’ first appeared in the field of sociology. It was popularized in the early 2000s by Kevin Mitnick — one of the top information security specialists in the world and a former hacker. His hacks relied heavily on the use of psychological tricks. With the help of social engineering, Mitnick could easily coax passwords and other confidential information from his victims.
Social engineering methods include:
- Phishing — one of the most popular tricks used by hackers. Confidential information (PIN codes, passwords, etc.) is extracted from the victim by sending out fraudulent messages via e-mail or social media.
- Phone phishing is the same thing, except it uses direct communication via telephone, with fraudsters posing as bank employees, law enforcement officials, or even the victim’s friends or relatives.
- Open-source research. Almost all modern Internet users inevitably leave behind an enormous amount of information about themselves and their actions. This includes contact information, search history, website visits and online purchase history, and even regular likes and reposts. Based on this information, any competent specialist can recreate a person’s everyday routine and use it for blackmail, extortion, robbery or other criminal actions.
- Shoulder surfing, or real-life observation. By looking over the victim’s shoulder — for example, on public transport — the criminal can find out the confidential information that they need.
- Baiting is often used as an unfair competitive advantage. It involves leaving malware-infected physical media in places where it can be found by employees of the target firm. When an unknowing employee inserts such a drive into their corporate computer, they put their employer at considerable risk.
- It is quite common for criminals to use various acting techniques to pretend to be someone else. By gaining their victim’s trust, they get significant leverage over them.
To avoid falling victim to social engineering, it’s important to follow these simple rules:
- Do not reveal your confidential information to anyone, under any circumstances. Only criminals will ask you for your password.
- Use an up-to-date antivirus and make sure to regularly update its databases.
- Install a browser that comes with an ‘antiphishing’ option that warns you if you accidentally visit a suspicious resource, or if a website contains harmful software in its code.
- Use spam filters. Ignore messages from unfamiliar sources.
- Double-check any information received from banks or other organizations by calling their hotline or visiting the branch in person.