No matter how advanced our computer security technology is, the weakest point is still us, the users. Hackers can often bypass the best scrutiny with our help, using our kindness, our willingness to help and other parts of just being human against us. This is known as social engineering, and it’s one of the most difficult attacks to protect against.
What is social engineering?
Wikipedia defines social engineering as “psychological manipulation of people into performing actions or divulging confidential information.” That means using low tech methods to get us to do things we wouldn’t normally do.
Here are some examples:
Your building uses key cards to control access to its doors. Someone carrying boxes approaches you as you enter, says they can’t reach their card and asks you to hold the door for them. The average person would be willing to help in a situation like this; we’ve all been carrying boxes and needed help with the door.
You receive an email from the tech support at your company informing you of new password policies and asking you to click on a link to update your password to make it more complex. The email is addressed to you directly and appears to come from the correct email address for tech support.
You receive a phone call from someone who claims to be from your bank informing you that there has been some suspicious activity on your bank account. They ask you to confirm some purchases that you don’t recognize. They tell you that they will be sending you an email with a link for you to change your online banking password.
These are all examples of how attackers can use social engineering to get you to do something you wouldn’t normally do.
The top 5 ways hackers use social engineering
- Quid pro quo
Quid pro quo is Latin for “this for that”. It means to offer you something, an incentive, in exchange for your help.
Phishing is becoming the most common form of attack and uses some pretexting to be effective. It is the use of very carefully crafted emails that are sent to a target to get the victim to click on links that, in turn, will infect the target’s computer with malware.
Tailgating is following someone into a secured area, such as the person carrying the boxes mentioned above. They use our willingness to help and to be kind as a way to get around security procedures.
Baiting is where an attacker leaves infected USB flash drives around in the hope that a victim will plug them into a computer to see what is on them. The computer will then be infected and the attacker can begin his work.
We’ve outlined the most common forms of social engineering that an attacker will use to go after us, the users. By being on the lookout for these types of attacks, you can help prevent yourself from being taken advantage of.
If you have any questions on this or want to make sure your own organization is protected from the most common attacks, please contact us at 770-506-4383 to schedule your free assessment.