Home‎ > ‎Ethics‎ > ‎

Social engineering

    It is no doubt that Information Technology makes our life convenient and comfortable. The Information Technology is growing in an unimaginable speed today. But at the same time, the growth of the Information Technology also makes us face some risks or crimes we never meet before. With the computer and network becoming more and more popular, Hacker or social engineer gets power because of high growth in information technology.  Social Engineering is a kind of Cyber Crimes, which highly depend on modern information technology.

    Social Engineering is a collection of techniques and methods used to manipulate people into performing actions or divulging confidential information. [1] A social engineer usually uses a confidence trick (or confidence game) to defraud a person by getting his confidence. For example, a person using social engineering to break into a computer network would try to gain the confidence of someone who is authorized to access the network in order to get them to reveal information that compromises the network's security. 

    Because the Social Engineering is hardware and software independent, which means it can get access to any system platform,  and in most cases the attacker never comes face-to-face with the victim. it is the hardest attack to defend. A talented social engineer can use the telephone or internet to trick people into revealing some private information like a password or credit card number, or get them to do something illegal just like a hacker. 

    Lets take an brief overview about some common method of Social Engineering.
    Also known as "Skip diving", which originally is the process of scavenging trash, not always dumpsters for useful or valuable items. But here Dumpster Diving is used to represent the activity by searching discarded documents or other information of the victim to find the valuable information or intelligence for the dumpster diver. Usually one company's garbage is another company's gold. That's why Dumpster Diving is so popular today.
    Pretexting is another form of the social Engineering in which one can use false identity or purpose to get some privileged data about another one. Pretexting can be employed by telephone or email. It can also be employed through customer service or a company's website. Generally a pretexter will invent some scenarios to build trust with the victim.
For example, a pretexter might call an individual claiming affiliation with a bank, survey firm or credit agency. In another scenario, a pretexter might claim to be a customer, client or employee of a company to gain access to phone or electronic records. After establishing trust, the pretexter might ask a series of questions designed to gather key individual identifiers (like social security numbers, place or date of birth, or account numbers) under the guise of needing to confirm the individual's identity or account. Then the pretexter could also use forged or stolen identification documents to extract customer information directly from a targeted institution.
    The typical way to conduct phishing is to send a email to a user by pretending to come from a legitimate business like a bank or credit card company. This email will ask the customer to verify his personal information or some serious consequence will happen. Generally the victim is asked to update his information through visiting a fraudulent website,  where some important information like password, credit card number or bank account number is needed to fill. So Phishing is the technique of  fraudulent obtaining private information.
    Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).
    A Trojan horse program is a software that might be useful for your PC like install this software , it will increase your speed of your system. if you install this type of Trojan horse program it would not increase speed of your PC, instead it will provide all your personal information stored in your system to Social Engineer.

    All Social Engineering techniques are based on some specific attributes of human decision making process. In some situations, we will generate some deviation When we make a judgment, which is called cognitive biases.  These  biases give Social Engineers the chances to launch various attacks to our information security. Social Engineering also relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it.

    Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.

    We can fight Social Engineering by following some common sense guidelines:   

  1. Always install Firewall and Anti-spyware to protect your system.
  2. Change your password frequently, don't create easy type of password that hacker can easily crack.
  3. Show caution when opening email attachments.
  4. Always update your system with latest Antivirus software and operating  system.
  5. Keep verifying your credit card statement and bank balance.
  6. Don't have confidential conversations in public settings.
  7. Modify your web browser settings according to your requirements.
  8. Shop online with only reputable web that provide your the online security.
  9. Log out of sensitive programs when you walk away from your computer

[1] wikipedia

http://en.wikipedia.org/wiki/Social_engineering_(security)


Comments