The dictionary says that social engineering is the practical application of sociological principles to particular social problems. Brian Brushwood reshaped that to “using cheap, dirty psychological tricks to get people to do what you want”.
How are we all vulnerable to human hacking?
When we look at how we are influenced daily in positive ways, we begin to understand how these bad guys can get us to do the things that are in their best interest. Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.
Human error plays a major role in this. As humans, we make mistakes, and we have the desire to be helpful and to trust one another. One of the most powerful weapons these hackers use is a psychological back door everyone has: liking. The idea is that when you like someone, you are more likely to grant them a favour, do some work for them or give them something that they want.
Curiosity is also something that can easily get the better of us. Whether it is a random message we receive or a suspicious link that has been sent to our inbox, more than likely, we will open it. Social engineers know how curious we can be, and once we have downloaded a file or clicked on one of these links, our devices will be infected with malware without us knowing.
Fear is also an emotion that they prey on. You receive an email from someone claiming to be your bank, telling you that the bank servers were updated and that you need to log in immediately if you do not want to be locked out of their services. A link is provided to take you to a fake login page where you will eventually give out your details to the scammers. This is a typical example of a social engineer preying on the fear you have of losing access to your bank services.
Greed: Imagine if you could simply transfer $10 to an investor and see this grow into $10,000 without any effort on your part? Cybercriminals use the basic human emotions of trust and greed to convince victims that they really can get something for nothing. Our generation is full of people who want to become famous and rich without having to work towards attaining it all. This is what makes us an enticing target for social engineering.
What are some of the tactics being used?
Phishing: this is an email-based attack. Anything that comes into your inbox can be phishing, regardless of whether it is looking for passwords, clicks or credentials. You can see ransomware, malware and viruses sent to you through your email. It is one of the most prolific ways social engineering is being used.
Next is vishing, which has now become a real word in the Oxford dictionary. Vishing stands for voice phishing. It is basically any scam that involves someone calling you on the phone. The most popular vishing scams we know are the ones where they call to tell you there was an issue with your account and request your account details over the phone. This is dangerous because when you trust the messenger more than you trust the message, you are in trouble.
We also have smishing, which is SMS phishing. We don’t usually come across it as much as phishing and vishing, but it has been happening recently in the era of the coronavirus pandemic. Among a swathe of Covid-19 online scams, SMS-phishing attacks have used fake text messages, typically to link to a malicious site and ask a person to share personal information or make financial donations for Covid-19 victims.
These criminals have the ability to appear however they want and whenever they want. They will create an entire scenario, and you are going to interpret it based on the setting that they put around it. If you are a sports fan, they will send you an email about sports. If you love shopping, they can send you messages posing as a company like Amazon.
95% of cyber-attacks have a component of human error, because it is the easiest way for attackers to get what they want. They don’t want to have to stress themselves by penetrating your firewall or challenging the strength of your antivirus, because that is very difficult. Not when they can exploit us.
There is no protection against social engineering other than yourself. Cyber criminals are not just hacking computers, they are hacking humans. This is a warning for all of us, that the only protection that we have against social engineering is ourselves.
Written By: Nanbaan Micah
Her website: ThePrimePost
Mike Ahola (2019, October 18). The role of human error in successful cyber security breaches. Unsecure blog.
Andrew Mager (2019, March 15). Brian Brushwood: Scams, social engineering and straightjackets. Social Enterprise.