Social engineering takes on many forms
February 16, 2012
My wife and I are fans of the USA network show “Burn Notice,” but for different reasons. She thinks the main character, Michael Westen, is hot, loves Fiona Glenanne for being an empowered woman and roots for Sam Axe simply because he is played by Bruce Campbell. I like it because Michael Westen uses a natural need to assist his fellow man to his own advantage.
This tradecraft of manipulating a person into doing something they normally wouldn’t do is known as social engineering. Social engineering takes place all around you — at the bar, around campus, in your dorm and especially online.
Some common forms of social engineering are phishing, African prince scams (a.k.a. 419 scams), fake antivirus, chain emails and pharming.
Phishing is perhaps the most common form of social engineering. Using this technique, attackers send you an email, often posing as your financial institution, and ask you to click on a link to correct some problem with your account.
Once you click the link, one of two things happens. 1. You land on a site built to look like the real one, hosted at a look-alike address such as www.chasebank.com instead of the legitimate www.chase.com; whatever you type into its login form goes straight to the attacker. 2. The link first passes you through a page that pushes a virus or spyware onto your computer, then forwards you to the legitimate site so nothing looks wrong. Before clicking, hover over the link and compare the address it actually points to with the address shown in the text.
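The hover-and-compare check above can be automated. The following is an added example, not code from the original post: it extracts every link from a constructed sample email and flags the tell-tale signs of the first kind of phishing link, namely a host that is not the bank's real domain (www.chasebank.com, chase.com.evil.net), a plain http link, a bare IP address, a user@host trick that hides the real host, and visible link text that names a different domain than the one the link goes to. The legitimate-domain set, the helper names and the sample message are all assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the recipient actually has accounts with (assumed for this example).
LEGIT_DOMAINS = {"chase.com"}

# Something that looks like a domain name inside the visible link text.
HOST_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_is_legit(host, legit=LEGIT_DOMAINS):
    """True only if host IS a legitimate domain or a subdomain of one.
    'chase.com.evil.net' fails because it does not END with '.chase.com'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in legit)


def check_link(href, text, legit=LEGIT_DOMAINS):
    """Return the reasons a link looks like phishing; an empty list means none found."""
    reasons = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if not host:
        return ["no hostname in href"]
    if parsed.scheme != "https":
        reasons.append("scheme is %r, not https" % parsed.scheme)
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("link goes to a bare IP address")
    if parsed.username is not None:
        # http://chase.com@evil.net/ really goes to evil.net
        reasons.append("user@ prefix hides the real host %r" % host)
    if not host_is_legit(host, legit):
        reasons.append("host %r is not one of %s" % (host, sorted(legit)))
    shown = HOST_RE.search(text)
    if shown:
        shown_host = shown.group(0).lower()
        if not (host == shown_host or host.endswith("." + shown_host)):
            reasons.append("text says %r but link goes to %r" % (shown_host, host))
    return reasons


def scan_email(html, legit=LEGIT_DOMAINS):
    """Map each suspicious href in the message to its list of reasons."""
    extractor = LinkExtractor()
    extractor.feed(html)
    flagged = {}
    for href, text in extractor.links:
        reasons = check_link(href, text, legit)
        if reasons:
            flagged[href] = reasons
    return flagged


# Constructed sample phishing email (not a real message).
SAMPLE_EMAIL = """
<p>Dear customer, we detected a problem with your account.</p>
<p>Please visit <a href="http://www.chasebank.com/verify">www.chase.com</a> to correct it.</p>
<p>Or sign in at <a href="https://chase.com.account-verify.net/login">Chase Online</a>.</p>
<p>Questions? See <a href="https://www.chase.com/help">our help center</a>.</p>
"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print(href)
        for r in reasons:
            print("   -", r)
```

Only the first two links are flagged; the genuine https://www.chase.com/help link passes because its host ends in ".chase.com". The check is deliberately strict about the registered domain rather than about how "similar" a name looks: attackers pick names that look right, so string similarity is the wrong test.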
Another common form of social engineering is the African prince scam. This scam usually arrives as an email requesting that you send $10,000 to an offshore account; in return, when the prince escapes, he will send you millions. Sounds dumb, huh? Yet it is on the FBI’s top 5 list of most successful scams.
Fake antivirus is a newer, higher-tech form of social engineering. The criminal causes a window to pop up in your browser that reads “Your computer may be infected. Click here to scan your computer and eliminate the threat!” The “scanner” is the malware: by clicking, you install it yourself.
Chain emails tend to play on human emotions. This form of social engineering asks you to help someone by acting on the email’s request and forwarding it to others. Forwarding spreads the message, and any malicious attachment or link it carries, to everyone in your contact list, sometimes without you realizing it, and exposes your contacts’ addresses to everyone further down the chain.
Pharming is similar to phishing except that no bad link is needed: the attacker poisons a DNS server or your computer’s hosts file so that typing the legitimate address takes you to a counterfeit copy of the site. Your account information is harvested when you freely log in or fill out a registration form to request site access, believing you are on the real site.
So what can you do to defend yourself, and your identity from these forms of attacks?
1. Educate yourself.
2. Keep security software current.
3. Protect all devices that access the internet.
4. Make passwords long and strong.
5. Do not use the same passwords for multiple sites/accounts.
6. Do not trust the person on the other end unless you know them.
7. Protect your online persona as if it were your wallet.