‘Con Games’ are typical of most human interactions. The widespread use of and reliance on the internet has created a scenario wherein such ‘Con Games’ are part and parcel of online life. Social engineering blends psychology, science and art. Although this may sound complicated, the entire process is extremely simple (Social Engineer, Inc, 2016). While the introduction might make social engineering sound extremely negative, the truth differs considerably and hence warrants an in-depth study. Typically, a social engineer exploits inbuilt human ‘weaknesses or flaws’ like a helpful nature, impatience, curiosity and so on. Unlike typical hackers, social engineers do not rely on stealth attacks, but rather operate in the open under the guise of a genuine problem or issue that induces human beings to respond.
SOCIAL ENGINEERING ATTACKS: HOW DO THEY WORK?
Technology alone is no longer sufficient to protect confidential data and prevent data theft (Peters, 2015). Simply stated, the human mind tends to overlook the obvious scams that are out in the open and tends to be on the lookout for hidden scams. Social engineering is nothing more than a refined ‘con game’ wherein a confidence trickster gains the confidence and trust of others online. He or she manages to access additional network resources through which they hack into the system (Rouse, 2016). The attack is initiated in such a manner that it tricks the target human(s) into breaking the normal security protocols (Lord, 2016). Some of the commonly seen types of social engineering attacks include Baiting, Phishing, Spear Phishing, Pretexting and Scareware.
CYBER SECURITY AND HUMAN HACKING
These techniques employed by human hackers help install malware and gather confidential information of a personal or financial nature (Rouse, 2016). These measures vary from the use of infected hardware like USB drives, to fake emails, websites or even offers to download software that claims to ‘help protect the system’, while actually inducing the user to install malware. Thus, while advances in technology prevent certain kinds of fraud, there are no in-built safety measures for the human interaction, which remains the weakest link in the entire online security system (Peters, 2015). The strongest and most stringent technology can be overcome through clever social engineering, which uses psychology to induce human elements to override security measures.
SAFETY MEASURES AND PRECAUTIONS
Some of the measures that can help prevent such social engineering attacks include precautions like locking laptops and desktops when stepping away from the desk; reading the privacy policies of the company; ensuring active antivirus protection through paid software rather than relying on free software; and not downloading software that is recommended by strangers. All offers from strangers must be treated with doubt, and mails from sources that are not trustworthy should be ignored so that the integrity of the system is preserved (Bisson, 2015).
The positive aspect of social engineering comes into effect here. Experts recommend regular tests that help identify the weak links in the chain. In other words, regular penetration tests help identify the persons most vulnerable to social engineering. These individuals are then trained and made aware of the various types of attacks used by social engineers. This helps protect the security system from being breached through social engineering (Rouse, 2016).
Bisson, D. (2015, March 23). 5 Social Engineering Attacks to Watch Out For. Retrieved from www.tripwire.com: http://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/
Lord, N. (2016, June 27). Social Engineering Attacks: Common Techniques & How to Prevent an Attack. Retrieved from digitalguardian.com: https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
Peters, S. (2015). The 7 Best Social Engineering Attacks Ever. Retrieved from www.darkreading.com: http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411
Rouse, M. (2016). Social Engineering. Retrieved from searchsecurity.techtarget.com: http://searchsecurity.techtarget.com/definition/social-engineering
Social Engineer, Inc. (2016). What is Social Engineering. Retrieved from www.social-engineer.org/: http://www.social-engineer.org/