Social Engineering and the Hacker

What is social engineering?

Social engineering, in the context of cyber security, is the psychological manipulation by a hacker, in hopes of people divulging private or secure information to them.

How do hackers use social engineering?

Hackers use social engineering to perform their hacks and scams utilising the key principles listed below.

Authority – the hacker will pretend to be a person of authority. This is prevalent in tax office scams, Microsoft help desk scams, banking scams etc. Portraying or imitating a person of authority gives the scammer more credibility than if a stranger just asked for information.

Intimidation – the hacker will use the threat of negative action with words like “your account will be suspended” or “there is a warrant out for your arrest”. Seldom do people in authority give direct intimidation in initial conversations, so that should be a red flag.

Consensus/social proof – This is very popular on social media where one person shares a scam website or post and it is shared again, and again. Seeing it in several places makes the person being hacked think that the fake item is real. It is best to do your research before reposting or sharing something that might lead people into vulnerable situations.

Scarcity – If a hacker tells you that something is selling fast, or they have a limited one day offer then they are appealing to the human need to “catch a deal”.

Urgency – Like scarcity, this plays into the human need to do something within a given period of time. If a hacker tells you that there a consequence of you not acting within a set time (i.e. your system will crash) then they are trying to sway you to make a quick, hurried decision based on a perceived urgent end result.

Familiarity/liking – Hackers may use your friends to get to you, staking a risk that you will communicate with them if you believe they are a friend or referred by a friend. Humans are comfortable within a group and are wary of strangers, so hackers take advantage of this and attempt to gain trust from within your friend circle. This is why hacked Facebook accounts are becoming so popular.

So how can you be prepared for hackers using social engineering?

Education and training - Understanding how hackers utilize these social engineering principles to gain our trust, is the first stage of not being taken in. Share the knowledge with those nearest to you.

Standard framework – in business, organisations have protocol and procedures set up so that staff know how information should be handled, kept and divulged.

Scrutinize – Taking into account the information above, you can scrutinize all your potential hacker interactions, asking yourself if they have acted using most of these principles.

Security protocols – Securing your data for sensitive information with passwords that are secure and in line with recommendations (8 letters or more of upper and lower case, numbers and symbols) and two factor or multi factor authentication.

Inoculation - Preventing social engineering and other fraudulent tricks or traps by raising awareness, using security measures and educating staff and friends.

Review – Constantly review the situation of scamming and hacking and adapt your procedures, security and protocol in line with new attempts.

Waste management – This is often overlooked. Waste can be used by scammers to get information on your company. Lock up your secure waste or shred it. Secure your data in the cloud with multi factor or two factor authentication and change passwords regularly.

Where can I get help if I need it?

If you have any issues and concerns about your cyber security, Loyal I.T. Solutions can help, simply call (02) 4337 0700 or email reception@loyalit.com.au.