To say the Internet has changed the lives of billions around the world would be a severe understatement. From the moment you wake up and tap your phone’s snooze button, to when you scroll through Facebook one last time before bed, you’re connected – the Internet is always there, following you like your shadow.
This makes it easy to be generous with the amount of information we share on the Internet. What we eat, the places we visit, our likes and dislikes – we wear our hearts on our sleeves, often for people we don’t know in real life.
Yet, for the unfortunate folks out there, it can turn into real life drama.
The Social Engineering Pandemic
Somehow, the Internet has distorted the notion of intimacy. Nevertheless, if everyone discloses personal information, it’s only natural to want to keep up with the Joneses – which is harmless most of the time.
Other times, oversharing information can have severe repercussions, especially in the case of social engineering. Although this method of manipulation has been around for quite some time, never before has it gained as much momentum as it has now, with billions of dollars stolen every year as a result of this “cyber-disease.”
It’s time we found the right way to alleviate the social engineering pandemic, before nothing is safe from the grasp of cybercriminals.
What Exactly is Social Engineering?
In brief terms, social engineering is the act of performing psychological manipulation for the purpose of making people divulge confidential information. However, in reality, it’s not that simple. To be a social engineer, you need skills much more complex than sweet-talking people into giving away personal data.
A social engineer has the qualities of a con-master, hacker and psychologist, all at the same time. They know exactly what people want to hear, what they respond to, and how to gain their trust; so that, eventually, the victim won’t know what’s hit them.
As mentioned before, social engineering isn’t a new concept. It’s been around ever since the thought of calling someone under a false identity first popped into a con artist’s head. Indeed, for a long time, phone calls were the most common social engineering medium – and, according to some, this “human hacking” model can be found in a non-technological context too.
However, with the rise of social media, more con artists have taken to the Internet to trick people into sharing information that could be used against them or the companies they work for. As Crescent Credit points out in a report, even sharing your pet’s name can be dangerous – “Pet’s name?” is a common security question for logging into sensitive accounts.
How Can Social Engineering Be Identified?
Awareness is the key to spotting cases of social engineering. Nobody says you should stop sharing with your social network altogether, but you should be more careful about who you accept as an online friend and the depth of information you reveal.
Following your common sense is generally the best idea but, as a guideline, some of the most common signs of social engineering include:
- Unexpected calls from unknown people – bear in mind that legitimate companies won’t ask for sensitive information over the phone;
- Fishy emails from suspicious-looking email addresses or business names, or with subject lines that seem unrealistic – e.g. offering a ridiculous discount;
- Any other instance when you’re asked for personal information, such as passwords or access logins, or when you’re asked to send money to anyone.
How Can You Protect Against it?
Being more aware of various social engineering strategies helps, but actively protecting yourself against them is what will save you from disaster. For example:
- Never share passwords – not even when you are contacted by someone who appears to be a bank official or a member of a tech support team.
- Don’t click on random links – whether received by email, on Facebook or by IMs you receive from your coworkers. The more shocking the headline, the faster you should run away from it.
- Don’t send money to people you don’t know.
- Ask “officials” to identify themselves – and even if they do, remain cautious about sharing info with them.
- Be discrete when posting anything on the Internet. Before clicking the Share, Tweet or Pin button, consider what that piece of information says about you, and how it could be used it against you.
- Advise your family, employees and coworkers to do the same.
- Generally, if something sounds too good to be true, it’s probably social engineering.
Social engineering may feel like an incurable disease – it is, after all, impossible to stop – but it can’t hurt us if we don’t fall into its trap. Keep yourself well-informed about the “dark side” of the internet and stay away from it at all costs – avoiding a security breach can save you or your company from life-shattering costs in the long-run.