Social Engineering

Social engineering is a tactic used by hackers and cybercriminals to manipulate individuals into revealing sensitive information or performing actions that may compromise the security of a system or organisation. Numerous techniques can be used to accomplish this, including phishing emails, pretexting, baiting and physical manipulation.

The concept of social engineering can be traced back to the early 1900s with the work of psychologist Kurt Lewin. However, it became well-known after Kevin Mitnick, a notorious hacker who employed social engineering strategies to access private data, published The Art of Deception.

Social engineering works by exploiting the natural human tendency to trust others and to want to help those in need. As a result, hackers frequently employ strategies like impersonation, phishing, pretexting and baiting to access sensitive data or persuade people to take actions that might not be in their best interests.

Social engineering is extremely dangerous because it can be challenging to detect and can have serious consequences, such as the loss of sensitive information or financial damage. It can also be used to gain access to secure systems, leading to data breaches and cyberattacks.

THE TEN MOST POPULAR SOCIAL ENGINEERING ATTACKS ARE:

  1. Phishing: sending fake emails that appear to be from a legitimate source in order to obtain sensitive information
  2. Baiting: offering something desirable in exchange for sensitive information
  3. Pretexting: pretending to be someone else in order to obtain sensitive information
  4. Scareware: using fear tactics to trick individuals into revealing sensitive information
  5. Quid pro quo: offering something in exchange for sensitive information
  6. Physical manipulation: manipulating individuals in person to disclose sensitive information or perform actions
  7. Impersonation: pretending to be someone else in order to gain access to sensitive information
  8. Influence: using social influence tactics to persuade individuals to reveal sensitive information
  9. Diversion theft: stealing sensitive information by distracting individuals
  10. Hoax: using a fake story or threat to trick individuals into revealing sensitive information

TO PROTECT AGAINST SOCIAL ENGINEERING, INDIVIDUALS AND ORGANISATIONS SHOULD:

  1. Educate employees on social engineering tactics and how to recognise them
  2. Implement strict password policies and use two-factor authentication
  3. Verify the identity of anyone requesting sensitive information
  4. Use antivirus software and keep all systems and software up to date
  5. Regularly review and update security protocols
  6. Avoid opening suspicious emails or clicking on links from unknown sources
  7. Use strong, unique passwords, and do not reuse them across multiple accounts
  8. Be cautious of any unexpected or unusual requests for information or actions
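Several of the defensive points above (verifying who is really asking, being wary of unexpected or urgent requests, and not trusting links at face value) can be partly automated as a triage aid in a mail gateway or help-desk tool. The script below is an added example and is not part of the original article; the two sample messages, the trusted-domain list and the urgency word list are constructed for illustration, and the domain-matching logic is a deliberate simplification rather than a production filter.

```python
"""Flag common phishing indicators in a raw email message (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed assumption: domains the organisation treats as its own.
TRUSTED_DOMAINS = {"example.com"}

# Constructed: phrases that signal urgency, a classic social-engineering lever.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify your account")

# Constructed sample: a message showing several indicators at once.
SAMPLE_EMAIL = """\
From: "Example.com IT Support" <helpdesk@examp1e-support.net>
Reply-To: recovery@mail-recovery.biz
To: staff@example.com
Subject: URGENT: your account will be suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear user, verify your account immediately at
<a href="http://examp1e-login.net/reset">https://portal.example.com/reset</a>
or it will be suspended.</p>
</body></html>
"""

# Constructed sample: an ordinary internal message that should raise nothing.
CLEAN_EMAIL = """\
From: "Payroll Team" <payroll@example.com>
To: staff@example.com
Subject: March payslips are available
Content-Type: text/html; charset="utf-8"

<html><body><p>Payslips are now in the <a href="https://portal.example.com/pay">staff portal</a>.</p></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs from HTML anchors."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _domain(value):
    """Rough registered-domain approximation: the last two labels of the host."""
    host = urlparse(value if "://" in value else "http://" + value).hostname or ""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in the message."""
    msg = message_from_string(raw_message)
    indicators = []

    # 1. Display-name spoofing: the name invokes a trusted brand, but the
    #    actual address sits on a different domain.
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in display_name.lower() and sender_domain != trusted:
            indicators.append(f"display name mentions {brand!r} but address is on {sender_domain!r}")

    # 2. Reply-To steering replies to a domain other than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if "@" in reply_to and reply_to.rsplit("@", 1)[-1].lower() != sender_domain:
        indicators.append(f"Reply-To domain {reply_to.rsplit('@', 1)[-1]!r} differs from sender domain")

    # 3. Link text that shows one domain while the href goes to another.
    body = msg.get_payload(decode=True)
    text = body.decode(msg.get_content_charset() or "utf-8", errors="replace") if body else ""
    collector = _LinkCollector()
    collector.feed(text)
    for visible, href in collector.links:
        looks_like_domain = re.search(r"[a-z0-9-]+\.[a-z]{2,}", visible, re.I)
        if looks_like_domain and _domain(visible) != _domain(href):
            indicators.append(f"link text {visible!r} but href points to {_domain(href)!r}")

    # 4. Urgency language in the subject or body.
    haystack = (msg.get("Subject", "") + " " + text).lower()
    hits = [w for w in URGENCY_WORDS if w in haystack]
    if hits:
        indicators.append("urgency language: " + ", ".join(hits))

    return indicators


if __name__ == "__main__":
    for line in phishing_indicators(SAMPLE_EMAIL):
        print("-", line)
```

Each indicator maps to one of the defensive habits in the list above: the display-name and Reply-To checks automate "verify the identity of anyone requesting sensitive information", the link check supports "avoid clicking on links from unknown sources", and the urgency check flags the "unexpected or unusual requests" that social engineering relies on. None of the signals is conclusive on its own; the value is in surfacing several together so a person can look before acting.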

Grigoris Chrysanthou, IT Network and Security Officer, Uniteam Global Business Services