Look at the latest security headlines, and many have one thing in common: social engineering was used to victimize people. These deceptive tactics - attacks where the criminal relies on you to make the wrong choice - are hidden throughout the Web, as you shop, bank, and socialize online.
What is Social Engineering?
Social engineering is when a scammer - rather than using technical hacking techniques - manipulates, tricks or deceives people into performing certain actions or divulging personal information.[1]
Social engineers take advantage of human behavior to pull off their scams, with the aim of infecting a user with malware and stealing personal information or money.
Social engineering attacks are becoming more complex and increasingly prevalent, according to security experts. “The nature of malware infections has changed during the past years. A long time ago, malware and viruses were spread in much less sophisticated ways. Now, malware authors constantly invent new intellectual ways to manipulate people and compromise their machines.” And these types of attacks are on the rise.
What Methods Do Attackers Use?
Social engineering attacks aimed at home computer users often take advantage of basic human emotions to manipulate and persuade people to fall for their ploys – including curiosity, fear, and empathy.
Curiosity. Exploiting a person’s curiosity might involve sending an e-mail that purportedly contains a link to watch a video about the latest sensational news story. The link, however, will lead to a malicious site aimed at installing malware or stealing private information.
Fear. One tactic cyber thieves use to instill fear and persuade a person to act in a certain way is sending phishing e-mails, supposedly from a victim’s bank. Claiming that his or her account has been breached, the message will push the user to click a certain link to validate the account. Again, the link will lead to a malicious site aimed at compromising the person’s computer or stealing sensitive information.
Empathy. To take advantage of a person’s empathetic feelings towards others, hackers have been known to impersonate victims’ friends on networking sites, claiming to urgently need money. In another prime example, social engineering scams have recently been seen in the wake of the earthquakes in Haiti, with con artists exploiting the feeling of good will that follows such events to target users with donation scams.
While the above tactics are common ploys, it’s important to keep in mind that there are many other methods used by scammers; we can expect almost limitless variations on tried and true attacks that have been found to be successful in the past.
All of these tactics, however, involve an interactive choice by the computer user – meaning that, armed with the right knowledge, you can effectively choose not to be the victim.
What Can You Do To Avoid Becoming A Victim?
Protecting your PC with trusted security software is an effective first step to help keep you safe from social engineering attacks. But you also need to be aware of social engineering tactics, and employ a healthy dose of skepticism when online.
The most important thing for users to do is to use common sense while surfing the web.
To find out more, the United States Computer Emergency Readiness Team (US-CERT) has compiled additional helpful guidelines to avoid being a victim in its Cyber Security Tip on social engineering attacks.
The majority of the information above is from the Lavasoft website.
[1] http://en.wikipedia.org/wiki/Social_engineering_%28security%29
Thursday, 11 March 2010