Tech, Gadgets, Photography, Social Media and Poor Spelling
After yesterday's post on potential ways of not being hacked, I was asked what social engineering is. To put it in simple terms, with no technology element, social engineering is the fancy new name for the long con. It's all about gaining trust, using small snippets of information to gain larger amounts of information to enable an end result.
Yes, this can be via dumpster diving and getting physical information. I hear tell of one guy who got a job in Pizza Hut because he knew his target would eventually call in and order a pizza, and when he did, he'd get the target's credit card details.
Social engineering is the art of manipulating people into doing things, particularly security-related—such as giving away computer access or revealing confidential information. Rather than breaking into computer networks or systems, social engineers use psychological tricks on humans.
In many cases, these hackers use small pieces of information to gain trust or access so they can then carry out their cons fully. Here are a few examples:
Social engineering, as you can see, relies on our gullibility and the limited amount of information we use to verify people’s identities. Photo by Jared and Corin
Before you say this is common sense and that you would never fall for such a trick, know that even tech-savvy people are vulnerable to sharing personal information. When the hacker appears to be in a position of authority or acting for the boss, it's even harder to say no, as this Wal-Mart hack shows.
The best people at getting this information are the people you don't see: the repair guys, the cleaners, the nobodies you brush past because socially they are nothing to you and highly invisible.
The best way to avoid social engineering is to take life with a healthy dose of distrust. Even if you are the cleaner or the repair guy, you may not be the person being engineered, but you could end up being the conduit.
Never give out any confidential information—or even seemingly non-confidential information about you or your company—whether it’s over the phone, online, or in-person, unless you can first verify the identity of the person asking and the need for that person to have that information. You get a call from your credit card company saying your card has been compromised? Say okay, you’ll call them back, and call the number on your credit card rather than speaking to whoever called you.
As we said in yesterday's post, we can't guarantee to stop a social attack, but you can mitigate one: shred documents, use multiple passwords and mail accounts, get a 2nd credit card number. Build those walls to slow down the attack.
Maybe reinvent yourself every once in a while: change handles, delete mail accounts, recreate social networks. Just a little housekeeping.
And most importantly of all: BACKUP. 1 copy is not a copy. 3 copies, 2 offsite, 1 local…