Because of the widespread availability of digital gadgets and the internet, these days, communication and the attainment of information have never been easier. Unfortunately, though, the act of committing crimes has been digitized too. If you are someone who spends a lot of time on various online portals and social media sites, you would have most likely heard about online scams and digital fraud.
It is also quite possible that you have already been a victim of such acts. To understand more broadly how computer criminals operate on the web, we should get acquainted with one of the techniques they use – social engineering.
Understanding Social Engineering
The term can be easily defined as the act of befriending someone through electronic means to obtain valuable information like email addresses, usernames, and passwords. While giving away the first two items seems common and harmless, passwords are not meant to be known by anyone apart from the owner – they are meant to be secret.
Passwords are the means of opening electronic accounts that can contain a lot of valuable information, including financial records and even money itself. That is why cybercriminals known as ‘hackers’ relentlessly flock to the internet to gather usernames and passwords that they can exploit.
Hackers resort to social engineering instead of using their technical expertise to guess or “crack” someone’s password because guessing a combination of letters and keyboard characters is an extremely daunting task. Though most people use plain words like their own names, or numbers that correspond to the dates of special events in their lives, some people are wise enough to include special characters as well.
When that happens, especially if they choose passwords that are 8 characters or more, it would take a long time even for a supercomputer to guess the password through a technique called “dictionary attack” – a process in which special software auto-generates a series of characters in varying combinations until the password of the target account is guessed. To circumvent this obstacle, hackers use a much more effective strategy called social engineering.
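An added example (not from the original article) that puts numbers on the paragraph above: it estimates the worst-case number of guesses for a password, either by wordlist lookup for plain words with trailing digits or by exhaustive search of every combination. The wordlist, the sample passwords and the guess rate of 1e10 per second are constructed assumptions.

```python
import string

# Constructed sample wordlist standing in for the "plain words" (names and the
# like) mentioned above; a real password audit would use a far larger list.
COMMON_WORDS = {"password", "welcome", "qwerty", "maria", "john"}

# Assumed offline guessing rate in guesses per second. This is an illustrative
# assumption, not a figure from the article.
ASSUMED_GUESSES_PER_SEC = 1e10

# Character classes an exhaustive search has to cover. Characters outside
# these four classes are ignored in this simplified model.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def estimate_guesses(password):
    """Return (method, worst-case guesses): wordlist if the word part is
    listed, otherwise exhaustive search over the implied alphabet."""
    lowered = password.lower()
    stem = lowered.rstrip(string.digits)      # word part, e.g. "maria"
    suffix_len = len(lowered) - len(stem)     # trailing digits, e.g. "1990"
    if stem in COMMON_WORDS:
        # Every listed word combined with every digit suffix of that length.
        return "wordlist", len(COMMON_WORDS) * 10 ** suffix_len
    # Otherwise every combination of the alphabet at this length.
    return "exhaustive", charset_size(password) ** len(password)


def days_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SEC):
    """Worst-case days to try every candidate at the assumed rate."""
    _, guesses = estimate_guesses(password)
    return guesses / rate / 86400


if __name__ == "__main__":
    # Constructed sample passwords: word plus year, a date, mixed 8 characters.
    for pw in ("maria1990", "14021990", "tR#9vq!Z"):
        method, guesses = estimate_guesses(pw)
        print(f"{pw!r}: {method}, {guesses:.3g} guesses, "
              f"{days_to_exhaust(pw):.3g} days")
```

At the assumed rate the mixed 8-character sample takes about a week in the worst case, while the word-plus-year and date samples fall in well under a second.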
The Methods Involved
The Messaging Technique
The technique often involves three basic methods. Hackers may use just one of them, or all of them, depending on the circumstances. The first approach is through email communication. The hacker poses as an internet marketer or as personnel from a legitimate-looking company. He (the hacker) then sends you an email that advertises a product, a newsletter, or a link to an app that you might find interesting.
Once you open the message, which often contains an attachment, you are already at risk of opening the harmful attachment. If you do open it, a malicious application will then get installed on your phone or computer without your knowledge.
That app will then carry out the ‘phishing’ activity, which could give away the words and phrases you type into your computer. The app then performs the task it is programmed to do – sending the information automatically to the hacker. Because your keystrokes have been recorded ever since the malicious code was installed on your device, the hacker now finds it much easier to guess your password.
The Telemarketing Technique
Another technique used by hackers is the phone conversation. They may present themselves as telemarketers, or as technical support staff for a certain company. They will call you and engage you in a friendly conversation until they have gained your trust, and until you give them your password and other sensitive information that is meant to be secret.
Oftentimes, they lure you into thinking that you are giving them your personal data only because they need it to fix your technical troubles, or so that your digital profiles can be managed well. What makes this technique so effective is that the most proficient hackers are so good at social engineering over the phone that they can easily make you feel comfortable while hiding their ulterior motives.
To make matters worse, most people do not give much thought to giving away their usernames and passwords because all they ever think about is how their technical problems could get solved.
Physical Social Engineering
The third technique is physical or face-to-face social engineering. Among the methods used by hackers, this is the most difficult and most dangerous of all. When all else fails, or when they fail to fool people through emails or phone calls, computer criminals visit the actual place they want to hack, where they can connect to that facility’s network physically. To successfully execute such a method, they pose as someone the people within that building would consider trustworthy.
They might appear as technical personnel commissioned by a legitimate-looking company that offers troubleshooting or upgrading services. They might even appear as established business owners offering possible partnerships. Once they have gained the confidence of the people within that building, they ask for a tour or for a physical hardware checkup of the facility. At that point they have gained access to their victim’s network, and the victim is not even aware of it.
Conclusion
Today, because of the ever-increasing number of social media users, social engineering is happening constantly, victimizing people of all ages. How far cybercriminals go can range from simple money-making acts to heinous sexually related offenses. Even though the biggest networking sites and email services are doing their very best to combat digital crimes, the best defense that people should bear in mind is their own vigilance.
If internet users would just choose passwords that are very hard to guess and be extremely careful about giving away their personal information, social engineers would decrease in number because they would eventually get exhausted. The best way to combat cybercrimes is common sense. In that respect, no hacker will ever be smart enough to fool anyone or breach digital sanctuaries that do not belong to them.
In reading some research about security breaches, social engineering is one of the most challenging ones; if hackers cannot penetrate the system, they will use the weakness of a person. I really love the articles you are writing. I can relate, though I am not writing articles like this here; maybe soon, when my IT mind is awakened. wink