As we get better at securing our computer systems, we are discovering that the weakest line of defense is, in fact, the human being. Social engineering is the dark art of manipulating people. Social hackers might want access to a building, to get hold of information they aren’t supposed to have, or simply to increase their status in society.
Social hackers have been glorified in movies like Catch Me If You Can and Six Degrees of Separation, and the same charm that gives them the capabilities to manipulate victims can be turned to make them stars for an adulatory public.
Social hacking can come in many forms, such as telephone and email scams, deliberately exploitative marriages, or entire fake identities that are maintained over decades.
But how do they do this? And how can we protect ourselves from people who have a gift for getting everyone around them to drop their guard?
1) There is a lot of information about you on the internet
In a tactic called pretexting, the hacker will invent a pretext for contacting you, through phone or email or in person. Often this will mean doing tremendous research about your background, your education, your work, and even the devices you own. The attackers might surprise you with what seems like insider information, perhaps by knowing your IP address or university ID. They might leverage information that you offered voluntarily somewhere else on the internet, then forgot about.
Pretexting is often used to gain more information from a target and is sometimes phrased as “confirming” information. It can be used to trick the user into performing security sensitive tasks, such as downloading software, disabling firewalls, or bypassing security mechanisms.
Another tactic is a diversion technique. This is when an attacker convinces you to make a payment to another account, or send your shipment to a different address. Often enough this tactic is about diverting communications or encryption keys. Someone might call you, pretending to be the representative of a bank or email provider, then give you a helpful heads-up regarding a warning message. The person may tell you to “safely ignore” the warnings. Similarly, you may be asked to start communicating with someone “from a different department” or be given an alternative encryption key to use with your account.
2) You are a kind and honest person
Most people enjoy helping others in some way and do not suspect an attack behind every request. And of course we shouldn’t substitute our helpfulness with insufferable paranoia.
It is difficult to maintain a healthy balance, and often any signs of paranoia are met with ridicule.
We are less suspicious when good things happen to us. An expensive USB stick you find on the floor might turn out to contain malware, or the fluffy teddy bear sent to your office might contain a camera or tracking device. This tactic is known as baiting, and in extreme cases, the attackers may go so far as to say they’ve “fallen in love with you,” or offer grand prizes for competitions you don’t recall entering.
By not exercising caution and verifying the identity of people reaching out to us, attackers are able to establish authority over us. In a large organization it can be hard to know exactly who is higher up the chain of command, and new employees are particularly vulnerable to this type of scam. A corporation might be more susceptible to these kinds of attacks after management changes or restructuring.
Social hackers might even exploit your kindness much more bluntly, simply by asking for something. In a rough working environment, stressed employees often respond very positively to kind requests. In fact, most people will either respond to kindness or authority.
3) You reveal more about you than you think
You may not know whether you are the kind of person who responds better to authority or to kindness, but a skilled attacker might quickly find out by reading subtle signs in your facial expressions or hand gestures.
Victor Lustig, the master con artist who tricked a scrap metal dealer into believing he bought the Eiffel Tower, explains:
- Be a patient listener (it is this, not fast talking, that gets a con man his coups).
- Wait for the other person to reveal any political opinions, then agree with them.
- Let the other person reveal religious views, then have the same ones.
- Hint at sex talk, but don’t follow it up unless the other person shows a strong interest.
- Never discuss illness, unless some special concern is shown.
- Never pry into a person’s personal circumstances (the target will tell you all eventually).
- Never boast—just let your importance be quietly obvious.
More targeted and efficient can be a phishing attack. In its most common form, you receive an email from your bank with a request to log in to your account. But instead of being directed to your bank’s website, you are sent to an identical site owned by the attackers. This attack can even circumvent two-factor authentication. When the attackers try to log in to your real account, you may receive a text message with a security code from your bank. They will obtain this, simply by asking you to enter it on their fake site.
4) Your mind easily jumps to conclusions
We hate to admit when we don’t recognize people who claim to know us. Especially if they seem to know intimate details about ourselves. In fact we are much more likely to trick ourselves into thinking that we must know the person, rather than risk a confrontation to clarify the nature of our relationship. This is exploited in countless telephone scams, where people are tricked into believing their distant relatives are calling and are in need of financial help.
William Thompson, who lived in New York City in the 1840s, convinced random strangers not only that they knew him, but also that they could trust him with taking care of their valuable possessions. He quickly became known all over the country as “the confidence man.”
5) You are inclined to believe others are like you
You have no evil intentions, so why would others? It’s hard for us to imagine that sometimes seemingly ordinary people want to harm you.
You know about evil hackers, but they only attack nation-states and civil rights activists, right? Why would someone go through the effort of trying to hack you? You have no cases of money or trade secrets to steal. So why would people want to do you harm?
In reality, you and your data are probably a lot more valuable than you think, and you may already be under attack in one way or another. It may be an automated attack or it may just be a coincidence, but you are wise to not trust lucky coincidences blindly. Be wary of the sudden appearance of an old acquaintance or any strange request that comes over the phone.
Comments
After the subscription it telling me to upgrade my subscription again, so what can I do
Hi Egunjobi, please contact our Support Team and they will help you finish the setup process.
I don’t own a computer I just use my cell phone will it work on my Google pixle
Inform the people that way it doesn’t happen to them! I Tell my friends about government corruptions all the time, some believe me wholeheartedly some choose to remain ignorant because there afraid of the truth. I just hate the half that wishes to remain ignorant. Well I don’t hate them but I wish they would just listen to what I have to say and hear me out before they jump to conclusion that i’m a conspiracy theorist! As a matter of fact they always jump to conclusion that i’m making it up or my sources are not valid I know for a fact my sources are valid and I will even prove to them that they are and they still don’t want to believe in me. Like for example and you can look this up but in 1974 Dr. Joseph C. Sharp was the first man to project his voice into another living persons skull!!! This means no one but that person heard his voice. Just imagine how advanced that technology has grown since then. I’m not sure if he was but the Air Force was studying Mind Control at that time, “Operation MK Ultra” and that is a form of it. A form of making someone go mad to the point they get admitted to a Hawthorn Center and get falsely diagnosed with schizophrenia! How messed up and unbelievable does that sound because everything I just said is all facts! Operation MK Ultra was ordered to be destroyed except the government found a large portion of documents in a financial building that the CIA wouldn’t usually store files of that nature in but only a few of them pertained to “Voice to Skull Technology” where they used microwaves or extremely low electromagnetic frequencies to project voices into a victims inner ear so only the victim can hear it, the rest of the files were all about LSD experimentation on willing and non-willing subjects as well. They are still using technology like this to this day and experimenting on US citizens not terrorists or foreigners but US citizens! I don’t know if any readers will believe me but look up “V2K” or “Voice to Skull” or “Targeted Individuals.” The cellular infrastructure is whats being used to emit theses microwaves or EMF so they already have their massive weapon against the people established its just if and when they will use it! Maybe they will continue to make people have less rights and deem them crazy for a long time and render them dissidents aka undesirables, or maybe they will use it to target the entire country in large scale they can control smooth muscle with the EMF or microwaves, put off by the cell tower arrays. That means they can induce a heart attack control your bowels etc. HAARP isn’t just weather manipulation either, the antenna there emit ELF, or extremely low electromagnetic frequencies also, so it could be being used as a mass mind control center as well as weather manipulation if you want proof of this technology just google it or look it up on YouTube look up “Mind Control History Channel” or “Dr. John Hall” he wrote a book about it titled “A New Breed, Cyber Terrorism in America” that may not be the exact title but close enough, you’ll get his verbal testimony. He even does a bit on “Targeted Individuals or TI’s,” He goes on about Cuban Diplomats suffering from these Psychotropic Weapon attacks, all the way to the purps breaking and entering into the victims home when there not home and they know when there not home because they can see what the victim sees, hear what the victim hears and much more!!! Believe me or not… I’m telling the God honest truth, for I am a devout Catholic and I would swear on the old and new Testament that everything I just explained is factual!