Consider this – whenever you think of the term “hacking” or hear about different cyber-attacks, the first image that may pop in your mind is probably a guy in a black hoodie, sitting in a dark room, typing away in his laptop. Well, that is not how it works in the real world. This is where social engineering comes into the picture. Social engineering is nothing new though, it dates back to the infamous Trojan Horse that leads to the fall of Troy, but is often overlooked due to lack of awareness.
What is social engineering?
Social engineering refers to the act of manipulating people psychologically into giving their personal information or gaining access to a corporate system. Sometimes it involves physically accessing an unauthorised area or pretending to be someone else. For a hacker, this is the easiest method to gain access to your system – by asking you.
Social engineering is, by far, the most common cause of major cyber-attacks that take place around the world. This is because it directly involves trust and manipulation of human tendencies. If you let someone into your house without verifying their identities, it does not matter how many security locks are on your door.
Types of Social Engineering
- Tailgating – It is also known as piggybacking. It is the most effective way as the attacker physically gains access to an unauthorized area maybe just by following someone with legitimate access.
- Phishing – All of us have received those messages stating we have “won” a prize. Phishing is a technique in which the attacker impersonates a real, trusted system to send out fake messages in the form of an email, chat, advertisement or a website to get your personal information.
- Baiting – It is similar to phishing, but involves an offering as a bait to the user in exchange of entering your login credentials or personal information. The bait may be digital such as links to fake websites or physical such as a flash drive loaded with malware.
- Quid Pro Quo – Similar to baiting, Quid Pro Quo involves a hacker requesting critical information, such as login credentials in exchange of a service.
- Pretexting – Pretexting involves the attacker assuming a fake identity to gain your trust posing as a co-worker, following which they trick you into giving access to sensitive company information.
- Dumpster Diving – It involves the collection of information through old hard drives, flash drives or DVDs that were not disposed of in a safe manner.
How to stay safe
In order to stay safe, you need to be very cautious to what and whom you trust. Some of these advice may come in handy:
- If you receive an unexpected email or text message asking for any personal information, it is most probably a scam. Do not give into the urgency that the message may convey and take some time to judge the situation.
- Know that legitimate organizations, like banks, never call to ask for such details. Always verify if the sender’s email address is flagged by Google as unsafe.
- Always research the facts for yourself. If you have doubts about an email or message you received, cross-check with the company.
- Do not open unknown or suspicious links that you may receive through
an SMSor an email.
- Check the sender’s email address, if it looks suspicious then report it immediately.
- Never download attachments from an unknown sender.