Why your computer isn’t always the target
Often the human element is the weakest link in a system. Why bother hacking when you can just trick a user into giving you access or information? Hackers are employing people hacks far more than malware and traditional exploits: it is easier for them, and much harder to protect yourself from.
This method of hacking can be very profitable. In one campaign, an Eastern European gang managed to steal £750 million by tricking the employees of various banks.
What is social engineering?
Social engineering is the practice of hacking the brain with various psychological tricks, where hackers take advantage of your bad habits to accomplish their goals.
Some of the techniques they use are:
- Phishing – Hackers send you emails pretending to be a reputable organization, such as a bank, in order to trick you into giving them information.
- Spear-phishing – Similar to the above, but the email is personalized: it targets you by name and appears to come from an organization that they know you deal with. They may also use your genuine account numbers or reference numbers.
- Vishing – Same as phishing but done via a phone call.
- Smishing – Same as phishing but done via SMS.
- Pretexting – The hacker contacts you and lies about why, in order to get you to give them information. The most common form of this is asking for information to verify your identity.
- Pharming – A fake version of a real website that steals any data that users enter.
- Baiting – Offers something the user wants in order to trick them into doing what the hacker wants. For example, an offer to download a film for free.
- Shoulder surfing – This is where the hacker looks over your shoulder to see what information is on your screen or what you are typing. A common example is where they watch at a cash machine to see what your PIN is.
- Quid pro quo – The hacker pretends to offer a service in order to get the user's information. A very common example of this is the fake tech support scam.
What tricks can they use?
- Greed – One technique is to play on people’s greed to get them to divulge information. The promise of winning a prize draw is often used to get users to part with information. Other commonly used tactics are cash rewards or free media (films or music).
- Fear – Another tactic social hackers can use is the threat of dire consequences. One popular scam at the moment is CEO fraud, where the hacker pretends to be your boss and asks you to make a payment to a supplier as a matter of urgency. You might be tempted to do this as you don’t want to lose your job. Other examples include the threat of losing accounts, large fines or legal action.
- Curiosity – We are all curious by nature, so when a friend on Facebook sends you a link promising something outrageous you might be tempted to click. Hackers know this and will often play on your curiosity to get you to follow links.
- Ignorance – Nobody knows everything, so we seek out advice and help. Hackers abuse this with fake technical support scams or financial advice.
- Urgency – Deadlines are often combined with one of the above tricks as the hacker hopes that you panic and make the wrong decision or don’t have the time to verify the information.
- Spoofed Branding – Often the hacker will use the names and logos of reputable companies or organisations in order to make you think that they are legitimate.