Quick Guide To Social Engineering

Quick Guide To Social Engineering

There are lots of threats online (and offline) that you need to watch for and one of the most dangerous of these is social engineering. Social engineering isn’t something you can buy some software to protect yourself against. Why? Because it’s when real live human beings set you up to rob you or commit large scale identity theft.

Through a series of very clever phone calls, e-mails or visits to your work place social engineers can basically manipulate people into telling them confidential or highly sensitive information – including passwords, bank account numbers and credit card information. Once they have this information they can go about emptying your bank accounts or accessing a computer server loaded with sensitive information that could be used in blackmail or worse.

Most of the time social engineering is acted out remotely – the victim will very rarely meet the social engineer face to face. They want to stay as anonymous as possible and keep their hands clean.

Here are some examples of social engineering:

Shoulder Surfing
Somebody looking over your shoulder at an ATM or computer console and watching what password or PIN you use. This is extremely common and a really easy way for you to get ripped off.

Diversion Theft
This is when a social engineer covinces a courier or transport company that they’re actually you. They then arrange for the parcel to be arranged to another location nearby. Usually the courier is met at the side of the road by a smiling social engineer who takes the parcel and pretends to walk towards a house or apartment.

Dumpster Diving
This is when these guys will root around in trash outside hotels, conference centres and big corporate offices looking for documents with sensitive information, credit card slips or Post-It Notes with passwords written on them (yes people really do that).

Phishing
This is when social engineers send an e-mail that looks very official and professional. The e-mail is usually from your bank or credit card company. They tell you there’s a problem with your account and to login with your account number and password from a link in the e-mail. Ebay phishing e-mails were the scourge of the net for a while but they’ve died down a bit now.

Phishing works on volume. The spammer might send out 1,000,000 e-mails and only get 100 respones. But that’s 100 usernames and passwords or pins he can use and the first sign of trouble for the victim is when their real bank calls them with the bad news.

Vishing
This is phishing when it’s performed over the phone instead of by e-mail.

Tailgating
This is a more abrupt form of social engineering. This is used by conmen who will follow people into buildings and walk through whatever security doors the person in front of them holds open. Usually a pair of overalls is very effective because nobody stops a workman walking around in most buildings right? Once the social engineer – lunch break or just after the last shift finishes – he can do a quick tour of the building collecting any laptops or mobile phones that weren’t secured, drop them into a satchel and leave. I’ve seen this happen in real life.

Social engineering can be very subtle and even very self-aware people can be tricked. If in doubt never give out any personal or financial information. Don’t entertain requests that you’re not sure about on the phone and delete any e-mail that looks suspicious. You’ll save yourself a lot of money and heartache in the long run.

Leave a Reply

Your email address will not be published. Required fields are marked *