What is social engineering? It’s nothing new—it’s probably been going on for thousands of years, but telephones and, later, the Internet have made it easier than ever before.
It’s really just a specific form of the ancient “con job.” Someone calls you on the telephone or contacts you via the Internet. Then they convince you to do something innocent—usually giving away a little information. They use that information to get a little more information from someone else. After a few more steps, they have enough information to steal a lot of money from you or your company.
To explain what is social engineering, here's a true story. A hacker named reported calling a receptionist in a large corporation. He claimed to be somewhat confused, and asked the receptionist—a woman who was hired for the job because she had a helpful personality—who it was he had talked to the other day. The hacker said the person had claimed to be the vice president of Human Resources.
The receptionist wanted to be helpful, so she looked up the V.P. of Human Resources in the employee directory and gave his name and office phone number to the hacker.
Next, the hacker used his phone hacking equipment to make his caller identification information look like he was the V.P. of Human Resources and he called the lowest secretary in the Human Resources department.
He told that secretary—who had also been hired for being a helpful person—that he was the vice president and he was working off-site in another city this week at a conference. He needed a copy of the confidential employee directory so that he could contact people still in the office. The secretary, who confirmed that his caller ID said the call was coming from the V.P., agreed to email the employee directory. The hacker then sold the directory for several thousand dollars to a head-hunting firm.
So what is social engineering in your home situation? Hackers use the same tricky maneuvers to attack you at home. They pretend to be your Internet Service Provider (ISP) and tell you that your email inbox is full. In order to keep receiving your email, you need to give them your password so they can upgrade your account.
But when you give them your password, they use it to log into you email account. Then they find out which bank you use and tell the bank you lost your password. When your bank sends a new password to your email account, they get the new password and use it to log into your account. Then they steal all of your money.
Even the best security software cannot prevent this type of social engineering.
Now you know what is social engineering it is important to protect yourself. The probably best way to protect yourself from a social engineering attack is to declare all somehow sensitive, personal or financial related information as top secret. Be aware at all times that even the smallest piece of innocent looking information can be possibly used by an attacker to steal your identity and get services and goods for free on your cost.
To improve security further I strongly recommend that you...
engineering attacks are not always related to internet safety. They can
happen in all sorts of situations. It’s not until their bank accounts
are empty that most people ask the question, “what is social
Protect YourselfSubscribe to my newsletter and get all the latest PC Security News. Free!