People, like computers, can be hacked using a process called social engineering, and there’s a good chance a cybersecurity attack on your organization could start with this technique.
We don’t operate like computers–they only do what they’re told, executing tasks based on a set of instructions, without the ability to critically assess the honesty or good faith of the person giving the input. At least, that’s what we think is different about us and machines.
But that isn’t the case at all: We humans, for all our smarts and ability to make critical judgements, are also prone to taking our instructions at face value without considering the honesty of the person asking us to do something. Hackers have learned this and turned it into a process called social engineering.
Con artists have been performing social engineering tricks for centuries. In the age of cybercrimes and online scams, social engineering has become far more threatening: Con artists can now reach out and trick you without ever having to speak a word, and it’s becoming one of the preferred methods of gaining illicit access to secure systems.
Social engineering attacks take a multitude of forms, both using a computer and in the physical world. It is apparent that almost every single security incident starts with at least some kind of social engineering.
- Phishing attacks attempt to get unsuspecting users to click on a link, download a file, or respond with personal details.
- Phone spoofing, or “vishing,” can involve being called by a scammer, or a scammer placing the call in an attempt to glean personally identifying information or resetting a password.
- Baiting attacks involve exploiting someone’s curiosity to get them to something an attacker wants, like plugging in a found USB stick that then injects malware into a network.
- Pretexting, named not for sending an SMS message but rather for the act of presenting oneself under a false pretext, involves things like dressing in a delivery service uniform to sneak past guards, or “walking briskly and carrying a clipboard.”
- SMS spoofing can also be used to convince smartphone users to call a number set up to harvest data, steal bank account information, etc.
All of these techniques present a false front that convinces someone to do something, unwittingly, against their best interests.
here’s no two ways about it: Everyone is at risk of being targeted for a social engineering attack, and those attacks are getting more successful. Numbers from security research firm CyberEdge indicate that more attacks are succeeding year over year, up to 78% in 2019.
Social engineering is successful because it’s so insidious. It preys on people’s desire to help, or inherent trust granted when an email comes from someone who is perceived to be a supervisor, government official, or other authority figure. Source
iTM covers all aspects of cybersecurity from Home cyber security managed solutions to automated, manage threat intelligence, forensic investigations and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us for more information.