Social engineering refers to manipulating a person so that they part with their sensitive and confidential data. Hackers adopt different methods of social engineering, but these methods have just one aim―get access to your bank details, passwords, or gain access to your computer to install a malicious software without you knowing it.
Social Engineering – Why?
Hackers make use of social engineering because it is human nature to trust others easily, especially people they believe are in a position of authority. Hence, a phone call or an email hacker can fool you into divulging confidential information that otherwise they would have found difficult to get access to. Let’s face it, hacking is tougher than getting you to reveal your confidential data.
Well, unless you were Obama’s first Secretary of State who did not care who hacked into her information. We all know how that turned out!
4 Common Methods of Social Engineering Used by Hackers
There are many different ways of social engineering, but some of the most common ways are as follows:
Email from a Friend
Many times, a hacker hacks into one’s email account. Through this account, they get access to the contact list and may even be able to use the same password to get access to the person’s social networking profiles.
After getting control over the email account, the hacker sends out emails and social networking messages to the contact list. This email or message may contain a link and your ‘friend’ may ask you to click on the link. Thinking that the message or email is genuine, you may go ahead and click it. This allows the hacker to gain control of your computer and access your contact list.
Other times, it may be a call for help by creating an elaborate story that your friend is stuck in a place after being robbed or meeting with an accident. This plea would be to send money with detailed information on how to send it. You may believe it and send the money only to realize later that you were fooled and scammed.
You may get an email that looks as though your bank, IRS, or financial institution has sent it. The message may state that your account is blocked, but you can unblock it by verifying your account. All you need to do is click the link in the email and fill out your data.
When you click on the link, you will be taken to a website that looks genuine and legitimate even though it is not. The moment you type in your log-in details, the software on the site will capture the data.
Other times, you may get an email stating you have won an online lottery and you will be asked to provide your bank details so that the vast sum of money can be sent to you. To prove your identity, you will have to give your Social Security Number. You may get greedy and fall prey to this social engineering ploy and part with the information that the hacker wants. It could result in identity theft and your bank account being wiped clean.
Hackers know what people want, and dangle a carrot in front of them to part with sensitive and confidential data. This social engineering tactic is common on peer-to-peer sites, but can be found on social networking sites, as well. You may get an offer to download a new movie, music, or get an exclusive deal to an auction site. The general rule of click-baiting is that if it sounds too good to be true, it probably is.
If you take this bait and click on the link, your system will get infected with a malicious software. As a result, the hacker will get access to your contact list, bank accounts or credit card details. If you end up buying something due to this baiting scam, not only will you not receive the product, but you will find that your bank account is empty as the hacker will clean it out.
Answering a Question
Another social engineering tactic that hackers use is responding to a question that you never asked. This response can be in the form of a phone call, email, or text message. Therefore, you may think it is from a genuine company when it is not.
If you do not use the product or service from that company, you will ignore the message or phone call. However, if you use the company, you will end up responding as there is a good chance you need assistance with a problem you are facing. This opens you up to exploitation. The hacker will gain your trust before fixing the problem on your behalf or guide you remotely how to fix it.
Don’t be a Victim of Social Engineering
If you get an email or message, think before you proceed. Anything that comes across as urgent and pressures you to do something needs a careful review. Also, stay away from unsolicited messages even if it looks as though it was sent by an actual legitimate entity. Instead, take time to ascertain the facts and then respond.
If you allow yourself to be manipulated psychologically, you will fall prey to social engineering perpetrated by hackers.