The Learning Center
Home  »  Learn  »  Hackers and Hoaxes  »  Social Engineering

Are You Setting Yourself Up To Be Hacked?

Social Engineering - When Online Swindlers Get Personal
 Share the knowledge!

You play a role in preventing social engineering.

So, just what is social engineering? It's a vague term that's used for online shenanigans and trickery by dishonest people.

Here's what it means to you. Not all "hacks" or online schemes/scams are computer to computer...some start simply "person to person." Yes, there are online scams that involve a somewhat social aspect.

The "social" aspect isn't face to face and isn't meant to suggest that you necessarily interacted with a hacker in any way. Instead, it refers to online con artists using personal information or details they learn about an individual (and companies) to either impersonate or use as leverage to gain our confidence.

And they learn these juicy tidbits online, here and there, and they use them to gain your confidence, develop a flimsy relationship, and do online damage.

Here are a couple of examples.

The swindler. A con artist has gone onto your Facebook page and sees that you like baseball and went to Jefferson High School. With your name and city listed, he somehow manages to find your home phone number. He then calls you, saying he's with the Jefferson High reunion committee. Oh, you're a baseball fan too? Great! The con artist talks you into donating $200 to the committee. You've been swindled by someone you don't know, but who used Social Engineering (or Social Manipulation) to gain your trust.

The impersonator. An IT technician calls someone in the Finance department at ABC Data Company and requests sensitive data, he says, to complete important technical operations. Using the right jargon and tossing out a few names of company executives, he requests, and receives a password, a purchase order or some valuable company information. However, the technician is an imposter who, through Social Engineering, has gathered just enough information to sound like an IT rep for the company.

Information: The Currency of Social Engineering

Here's the point of all this. The more "private" or discriminating you can be with personal information you make available online, the less strangers know about you—and the less usable information a Social Engineer can pull together to target you with.

Social engineering is something that millions of people do, without bad intentions. When someone has an important job interview, they'll often do some research on the interviewer (Are they into sports? Where did they go to college? What are their interests?)

Social Engineering for criminal purposes, however, is different matter and a growing problem. And at the heart of the problem is this: more and more details about our lives are splashed all over the Internet.

And many people are "guilty" (innocently enough) of revealing information that tells our Facebook friends what you like doing and what your opinions are...but is also valuable to Social Engineers.

Remember, the simplest way for a non-hacking Social Engineer to disrupt your life with minimal effort is by impersonating you online or tricking you into trusting them.

Here are some tips, provided by experts, to help you lower your Internet profile and reduce the amount of personal information about yourself.

Never give out information by clicking a link or when someone calls you.

Don't be so fast to believe they are truly who they say they are. If your bank calls you asking for information, hang up (courteously) and ask if you can call them back. When the retailer Target was hacked, they announced they were offering free credit reports. Social Engineers "targeted" customers with a scam email offering the free credit report. If you're guard is up, you'll learn to think twice before falling the trick.

Don't put anything on social media or online that you wouldn't want hackers to know.

Whatever you put on Facebook and other Social Media platforms (SnapChat, Twitter, Instagram, etc.) becomes public knowledge. There's a slice of history about you that gives a Social Engineer plenty to work with. Where's the danger? If you happen to receive an email from someone who seems to know a lot about you, you're likely to offer up some "innocent information" about yourself...where you work, etc.

Keep watch over what you're tagged in on other's profiles.

If you're out of work, for example, or going in for a medical procedure, ask your family not to include that kind of information on Social Media. Not only does it keep your personal and family life private, it denies a predator Social Engineer the chance, for example, to impersonate someone with a job offer.

Keep your password hints or recovery questions off social media.

One security expert recently said that if you're in the habit of using your dog's name as a password, you should not have it anywhere online. Examine your passwords: do you have your birthday or your anniversary published...and do you use it as a password, even backwards? It's a good idea to keep "identifiable" data about yourself private. Why do strangers even need to know your anniversary, the name of your first pet of your mother's maiden name? All those types of details are gold for Social Engineers.

The less you publish about yourself online, the lower the possibility of being fooled by someone with a few facts about your life, a lot of nerve and bad intentions.

Related Articles