projectz

Tech, Gadgets, Photography, Social Media and Poor Spelling

What is Social Engineering?

After yesterday's post on potential ways of not being hacked, I was asked what social engineering is. To put it in simple terms, with no technology element, social engineering is the fancy new name for the long con. It's all about gaining trust: using small snippets of information to obtain larger amounts of information, which in turn enable the end result.

Yes, this can be via dumpster diving and getting physical information. I hear tell of one guy who got a job in Pizza Hut because he knew his target would eventually call in and order a pizza, and when he did, he'd get the target's credit card details.

Social engineering is the art of manipulating people into doing things, particularly security-related—such as giving away computer access or revealing confidential information. Rather than breaking into computer networks or systems, social engineers use psychological tricks on humans.

In many cases, these hackers use small pieces of information to gain trust or access so they can then carry out their cons fully. Here are a few examples:

  • A hacker might call saying your credit card has been flagged for unusual activity and the bank needs to verify your information (credit card number, mother’s maiden name, etc.) before issuing a replacement. He or she will offer up the last four digits of your card and perhaps the date and amount of a recent transaction (things easily found in your trash) to gain your confidence and make this sound legit.
  • Another classic con is when an attacker poses as someone in your company or a consultant (e.g., tech support—complete with fabricated ID card and clipboard) or another trusted outside authority such as an auditor. With a little confidence, anyone could just tailgate their way into any building.
  • Hackers might even pose as your Facebook friends or other social media connections and then glean information from your profile or your posts.
  • Phishing attacks and rogue websites that pretend to be trusted companies also fall into this category of cons.
  • And, as we’ve seen recently, hackers can get into accounts through lax company procedures which require only minimal bits of information (e.g., billing address and email) to identify users.

Social engineering, as you can see, relies on our gullibility and the limited amount of information we use to verify people's identities.

Photo by Jared and Corin

Before you say this is common sense and that you would never fall for such a trick, know that even tech-savvy people are vulnerable to sharing personal information. When the hacker appears to be in a position of authority or acting for the boss, it's even harder to say no, as this Wal-Mart hack shows.

The best people at getting this information are the people you don't see: the repair guys, the cleaners, the nobodies you brush past because socially they are nothing to you and so are effectively invisible.

The best way to avoid social engineering is to take life with a healthy dose of distrust. Even if you are the cleaner or the repair guy, you may not be the person being engineered, but you could end up being the conduit.

Never give out any confidential information—or even seemingly non-confidential information about you or your company—whether it’s over the phone, online, or in-person, unless you can first verify the identity of the person asking and the need for that person to have that information. You get a call from your credit card company saying your card has been compromised? Say okay, you’ll call them back, and call the number on your credit card rather than speaking to whoever called you.

As we said in yesterday's post, we can't guarantee to stop a social attack, but you can mitigate one: shred documents, use multiple passwords and mail accounts, get a second credit card number. Build those walls to slow down the attack.

Maybe reinvent yourself every once in a while: change handles, delete mail accounts, recreate social networks. Just a little housekeeping.

And most importantly of all: BACKUP. One copy is not a copy. Three copies, two offsite, one local.

This entry was posted on August 9, 2012 in comment, ilike, Social Media.