What is Social Engineering?
Learning the basics can help you identify threats before you fall victim. Identifying the different types of attacks is crucial to protecting yourself from social engineering.
Social engineers are everywhere. Their goal is to steal anything from your bank account to your identity. Their tactics are getting more clever and diabolical every day. And it can be increasingly difficult to detect them. Social engineers are essentially human hackers. Furthermore, they manipulate their victims much like conmen.
Hardcore social engineers are criminals who hack indiscriminately using manipulation and exploits. Additionally, these hackers use social engineering in combination with technical knowledge for financial and personal gain. But with the right information you can identify a social engineer and protect your personal data from exposure. Knowing the different types of social engineering tactics can help you to identify a social engineering attack and protect yourself.
Noobs, Script Kiddies & Trolls
There are many types of social engineers today. Some of the most common are called script kiddies. Script kiddies are unskilled hackers who use already existing software and scripts. These programs are readily available on the internet for download. Likewise, script kiddies are usually incapable of writing their own programs, code or scripts. Oftentimes they are unable to exploit vulnerabilities, so they must rely on other means of attack, such as social engineering.
Someone who is new to hacking is generally referred to as a newbie, or noob. They generally are in the process of learning how to hack. But both can be equally dangerous, even though neither really understands how to properly hack. In addition, they can cause severe damage to a system if it is compromised. Hackers often start out as script kiddies and progress as they learn. Furthermore, despite being less skilled than their counterparts, script kiddies are equally dangerous. And sometimes they resort to online harassment. Those who do are often called internet trolls.
Internet trolls are generally harmless but often like to harass others online. Internet trolls are usually found in places like chatrooms, blogs and forums. And they always seem to have an opinion and know everything. Moreover, trolls are notorious for making inflammatory posts. Their intention is to offend or antagonize. And they seem to be entertained by the drama they create. They may even resort to creating fake profiles to push an agenda. But sometimes trolls and script kiddies cross the line.
Cyberbullies harass their victims through the use of the internet. Anyone can instantly spread vicious rumors. In addition, victims can be humiliated or shamed through pictures or photoshopped images. The goal of most bullies is to harass the victim. The harassment can even be so severe that the victim feels the only escape is suicide, especially if the victim is suffering from mental illness. Children as young as 8 years old have taken their own lives because of cyberbullies.
Victims can be strong-armed into revealing personal information or passwords. In addition, cyberbullying can be used to disguise motives. Cyberbullies can harass or stalk the victim as a means of reconnaissance, in an effort to break into accounts. And they use scare tactics to disrupt your sense of personal security and safety.
Cyberstalking occurs when the harassment becomes routine. Victims are often unaware that they are a target. Cyberstalkers use multiple tools and methods to track and locate their victim. The most widely used tactic is social engineering. For example, cyberstalkers use spear phishing to plant spyware or break into the victim's accounts. This allows them to monitor online activity or collect information on the victim's whereabouts.
Another social engineering tactic used is bad acting. The cyberstalker befriends the victim or a member of their family. This allows them to track the target's every move online. Stalkers may even employ the use of highly complex GPS tracking devices to track their victim. Additionally, they may even resort to exploiting a person’s phone GPS. In addition, an attacker can even spoof or clone phone numbers, further concealing their identity. Cyberstalkers even resort to installing malware onto your systems in an effort to monitor your traffic or steal your data.
Cyberstalkers may already know their victim. Stalkers often use an information gathering method known as Open Source Intelligence (OSINT). These techniques allow an attacker to perform stealth reconnaissance. By using OSINT the offender can “get to know” their victim prior to the attack. OSINT is an overt method of data collection. It is the use of publicly available sources. These sources include news media and printed publications. In addition, social media, databases and search engines can be exploited for information.
Pretexting and Impersonation
Pretexting is a tactic that uses false narratives and deception. Individuals using pretexting often need to spend time doing reconnaissance prior to the attack. Pretexting requires extensive research of the target through OSINT. The most commonly used pretext is the impersonation tactic. Imposters can pose as anyone. Tech support and service provider scams are among the most popular forms of pretexting. But sometimes pretexting can take place in person.
Pretexting can also take place through impersonation. An imposter may pretend to be an exterminator you didn’t expect. Tailgating occurs when the imposter walks through a locked door by piggybacking on the person in front of them. It can be someone pretending to be a service technician. Or it may be the pizza delivery guy asking you to hold the door. Once an imposter gains entry they may have unfettered access to the building and network.
Phishing and Vishing
We all have heard about phishing. Phishing is the act of sending random fraudulent emails claiming to be from a legitimate sender or company. These emails are intended to trick the victim into entering sensitive information used to gain access to an account or steal data. Additionally, spear phishing is a targeted form of phishing, in which the sender targets the victim specifically. Apart from the targeting, spear phishing is the same as phishing and is executed the same way.
Vishing is very similar to phishing but performed over the phone. The threat actor calls the victim impersonating someone else in an attempt to trick the user into a false sense of security. Sometimes the attacker calls a company the victim does business with, pretending to be the victim. Bad actors can create a fake identity through social media in order to trick the victim and gain their trust. The most common form of vishing is the tech support or service call scam.
Protecting yourself from social engineering
The first thing you can do is question everything. Do not click on any email links until you have verified that the email is legitimate. The same goes for a website. Double check the URL to confirm it is legitimate. Fake URLs can lead you to a spoof website. If you receive a phone call, you should hang up and call the company back before giving out any information. This will allow you to verify the caller is a representative of the company you do business with.
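One way to do the URL double-check above in code, as an added example that is not part of the original post: it compares the host a link really points to against a short list of domains you trust and reports why a link deserves a second look. The trusted domains, the finding labels and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites you actually do business with (assumption).
TRUSTED_DOMAINS = {"example-bank.com", "example-mail.com"}

def link_findings(url, trusted=TRUSTED_DOMAINS):
    """Return reasons to distrust a link; an empty list means nothing odd was found."""
    findings = []
    parts = urlsplit(url.strip())
    # hostname is what the browser connects to, minus any user@ prefix and port
    host = (parts.hostname or "").lower().rstrip(".")

    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username is not None:
        # https://trusted.com@other-host/ goes to other-host, not trusted.com
        findings.append("userinfo-before-at-sign")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # look-alike letters from other alphabets, raw or punycode-encoded
        findings.append("internationalized-hostname")

    # Trusted only if the host IS a listed domain or a subdomain of one.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        findings.append("host-not-trusted")
        # Brand name placed in front of (or inside) somebody else's domain
        if any(d.split(".")[0] in host for d in trusted):
            findings.append("brand-name-in-untrusted-host")
    return findings

if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.example-bank.com/login",
        "https://example-bank.com.account-verify.example.net/login",
        "https://example-bank.com@203.0.113.7/login",
        "http://www.example-bank.com/login",
    ]
    for link in samples:
        print(link, "->", link_findings(link) or "ok")
```

The part of the address that matters is the end of the host name, just before the first single slash; a familiar name anywhere else in the link proves nothing.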
If you believe your system is infected with a virus or malware, stop all activity. Perform a system wide scan using anti-virus software or consult a reputable computer repair technician. Even text messages can be from a scammer. Never respond to messages from unknown senders or click on any links.
Regularly back up your data to an external hard drive. This will allow you to restore your computer in the event of infection or data loss. Always use secure, unique passwords or pass-phrases. Recycling passwords can leave you vulnerable. Never use obvious passwords like dates or names. Password managers can help you remember multiple passwords or hard-to-remember pass-phrases. Be diligent and proactive in your cybersecurity practices. Always be careful of what you share online. It is also a good idea to know what type of data and information about you exists on the internet. You may be able to scrub your data from online sources and protect yourself from exposure.
The first step to protecting yourself from social engineering is learning to identify it. This can help you identify threats before you fall victim. Continuing education is a great way to learn how to identify social engineering. The best defense is to practice cyber awareness and good internet hygiene. By knowing what to look for and how to identify social engineering, you can greatly reduce your risk of a data breach or attack. It can save you thousands of dollars. It can also protect your personal safety.
Hack the Stigma. Hack the Planet.
IamThePatRatt – The Bipolar Hacker