25 May The Softer Side of Cyber Crime: How Hackers Use Social Engineering to Ensnare Their Victims
Some forms of cyber crime are strictly technical, with hackers holed up in basements running cracking programs against popular software packages, or gangs of organized criminals trying to break into corporate networks. When many people think of hacking, these are the activities that come to mind.
Those technical hackers certainly do exist, and they are a real danger to individual users and corporate IT infrastructures alike. But there is a softer side to cyber crime, one that replaces silicone with the gray matter between our ears.
That softer side of cyber crime is known as social engineering, and it can be incredibly effective in the right (or wrong) hands. Since social engineering harnesses the inherent weaknesses of the human psyche, including its built-in blind spots, it can be harder to detect and even more difficult to fight.
What the Social Engineers are Looking For
If you want to protect yourself from social engineering and similar cyber crimes, you need to start by knowing what the criminals are looking for. Every social engineering hack is slightly different, and no two hackers use the same approach to ensnaring and fleecing their victims. Even so, the types of data the criminals are looking for are relatively consistent, and that understanding is the first step to staying protected.
In a typical social engineering hack, the victim may be asked for personal information, including Social Security numbers, addresses, bank account numbers and the like. Any unsolicited requests for this kind of information should be viewed with suspicion.
Social engineers may also try to trick their victims into wiring money, sometimes in return for a portion of the proceeds or the promise of a job. This kind of social engineering may take place on job boards where legitimate employment opportunities are mixed in with the scammers.
On the corporate side, social engineers may target executives and others in positions of power, tricking them into wiring funds to fake vendors or transferring funds to outside bank accounts to seal a supposed business deal. The proceeds for these targeted attacks can be enormous, and cyber criminals are increasingly turning their efforts to the executive suite.
Other social engineers aim for a blend of human software and computer hardware, tricking victims into installing malicious programs on their devices. The malicious software may take the form of an embedded link in an email, a compromised smartphone app or a plug-in that comes loaded with dangerous software.
In some cases, the victim will be contacted by a supposed help desk engineer or tech support person. The scammer will ask the victim for access to their device, and once granted, they can take full control of the device, reading and deleting files, downloading proprietary corporate data and even accessing stored user names and passwords.
No matter what form it takes, social engineering is a dangerous trend in the world of cyber crime. From highly sophisticated attacks on corporate executives to massive call centers filled with supposed tech support experts, this softer side of cyber crime is increasingly taking center stage.
If you want to protect yourself, your business and your data, education is the first, and likely the best, defense. IT departments can shore up their firewalls and beef up their network security, but technical responses to social engineering attacks are much more difficult to implement.
In order to blunt these attacks, training is essential. From front-line employees to the corner office, every worker needs to understand the dangers of social engineering and the tactics these attacks may take. By knowing what the social engineers are after and what the red flags are, targeted victims can turn the tables and turn the tide against this dangerous form of cyber crime.Some forms of cyber crime are strictly technical, with hackers holed up in basements running cracking programs against popular software packages, or gangs of organized criminals trying to break into corporate networks. When many people think of hacking, these are the activities that come to mind.
Those technical hackers certainly do exist, and they are a real danger to individual users and corporate IT infrastructures alike. But there is a softer side to cyber crime, one that replaces silicone with the gray matter between our ears.
That softer side of cyber crime is known as social engineering, and it can be incredibly effective in the right (or wrong) hands. Since social engineering harnesses the inherent weaknesses of the human psyche, including its built-in blind spots, it can be harder to detect and even more difficult to fight.
What the Social Engineers are Looking For
If you want to protect yourself from social engineering and similar cyber crimes, you need to start by knowing what the criminals are looking for. Every social engineering hack is slightly different, and no two hackers use the same approach to ensnaring and fleecing their victims. Even so, the types of data the criminals are looking for are relatively consistent, and that understanding is the first step to staying protected.
In a typical social engineering hack, the victim may be asked for personal information, including Social Security numbers, addresses, bank account numbers and the like. Any unsolicited requests for this kind of information should be viewed with suspicion.
Social engineers may also try to trick their victims into wiring money, sometimes in return for a portion of the proceeds or the promise of a job. This kind of social engineering may take place on job boards where legitimate employment opportunities are mixed in with the scammers.
On the corporate side, social engineers may target executives and others in positions of power, tricking them into wiring funds to fake vendors or transferring funds to outside bank accounts to seal a supposed business deal. The proceeds for these targeted attacks can be enormous, and cyber criminals are increasingly turning their efforts to the executive suite.
Other social engineers aim for a blend of human software and computer hardware, tricking victims into installing malicious programs on their devices. The malicious software may take the form of an embedded link in an email, a compromised smartphone app or a plug-in that comes loaded with dangerous software.
In some cases, the victim will be contacted by a supposed help desk engineer or tech support person. The scammer will ask the victim for access to their device, and once granted, they can take full control of the device, reading and deleting files, downloading proprietary corporate data and even accessing stored user names and passwords.
No matter what form it takes, social engineering is a dangerous trend in the world of cyber crime. From highly sophisticated attacks on corporate executives to massive call centers filled with supposed tech support experts, this softer side of cyber crime is increasingly taking center stage.
If you want to protect yourself, your business and your data, education is the first, and likely the best, defense. IT departments can shore up their firewalls and beef up their network security, but technical responses to social engineering attacks are much more difficult to implement.
In order to blunt these attacks, training is essential. From front-line employees to the corner office, every worker needs to understand the dangers of social engineering and the tactics these attacks may take. By knowing what the social engineers are after and what the red flags are, targeted victims can turn the tables and turn the tide against this dangerous form of cyber crime.