A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Social Engineering and Scams

Social engineering, put simply, is the art of hacking the person instead of the machine.

Social engineering is the act of obtaining useful information by deceiving people and exploiting predictable human behavior, rather than by breaking into systems with technical attacks. It relies on the scammer's skill at persuasion, not on technical exploits. Once a victim has been tricked, the scammer uses the information gained to log on to an account or computer, or simply to walk into an office.

Social engineering scams can be conducted in two ways. The first is physical: the scammer visits a building and looks for its most likely weak points, such as doors that tend to be propped open, unsecured utility or power controls, or a front desk where posing as an authorized visitor is enough to get inside. The second is psychological: people hand over sensitive information such as passwords, credit card numbers and other details because a scam artist or fraudster has approached them from an angle that makes giving it up feel reasonable. Most victims are not even aware that they are being tricked.

In some cases, both of these methods are used.

A Social Engineering Example

Imagine the following situation is a call that you receive.

"Hi, this is John Paxton from American Express. I see that you have performed transactions worth $2000 on your credit card. Since this is a very large transaction amount, we suspect that your credit card information is compromised. If you do not act to report this transaction as fraudulent, you may be responsible for these charges. As a courtesy, I can handle all the reporting on this card, but you need to verify the card number and a few other details. I am calling you regarding the card number ending in 4890. Please verify these details soon so that I can report the fraud."

Such a call plays on your worry about the charges and the potential damage to your credit, so you may fall for the trick and reveal your credit card information. Your doubts about the caller may be eased by the fact that he already knows the last four digits of your card, yet those four digits appear on every receipt and statement and prove nothing about who is calling. So even with doubts, you may reveal your full details. If the fraudster calls in the middle of the night, as if it were an emergency, you may feel even more vulnerable. The safe response is to hang up and call the number printed on the back of your card yourself.

The scam artist needs only a little preparation to obtain part of your credit card information. By going through your garbage, someone can find credit card charge slips or a few paper statements that give away account details, including your contact information.

This example shows that scams can be engineered, and information obtained, without any hacking at all. Information can be extracted simply by taking advantage of the psychology of human behavior.

Types of Social Engineering Scams

Some of the most popular types of social engineering scams are listed below:

  • Phishing emails or phone calls
  • Spam messages
  • Face-to-face persuasion and manipulation

Recent Trends in Social Engineering

Social engineering can be a slow process: the attacker first gathers small pieces of information to earn the victim's trust, then seeks out more sensitive information. Social engineering has been around for a long time, but with the advent of social networking there is a large amount of information about people that is publicly available and accessible to anyone. People reveal information through blogs and Twitter posts, but also by throwing away paper printed with details of their accounts and contact information.

Despite new technologies, phone calls remain a common tactic. After hearing a troubling story from a convincing scam artist, many people give out the requested information without verifying the source of the call.

Spam messages are also a source of social engineering. A message may claim that someone has won a lottery and needs to follow a few simple steps to claim the prize. Others carry a link promising free broadcasts of favorite television channels or sports events. These messages can fool even people who are aware of social engineering scams, because they tend to let down their guard when approached with an offer that interests them.

How to Protect Yourself Against Scams

By educating oneself about scams, the effects of social engineering can be minimized greatly.

  • Do not reveal passwords or other sensitive information to anyone, whether in person, by email or by phone. A legitimate bank or company will never need your full password to help you.
  • Do not make credit card transactions on untrustworthy websites. You may see a good deal on an unknown website, but it may be nothing more than a means of harvesting credit card information. Always verify that the website is trusted before making a purchase, for example by checking that the address in your browser really is the retailer's own domain.
  • Be careful to keep personal information off social networking websites and blogs. Most information published on social networking sites or blogs is available to the public. You may feel a sense of immediate gratification from sharing news about yourself with others, but it may hurt you in the long term when malicious entities use that data against you.
  • Ensure that your computer and browser have proper privacy and security settings applied. Keeping software up to date and using a reputable security tool that warns about unsafe links and malicious websites protects you from many of the common scams that try to extract information from you.
  • Educate your friends and family about social engineering scams. Knowing how these scams work, and seeing examples of them, helps others avoid falling prey to them.
  • Report suspected scams to the relevant authorities. If you feel that someone is trying to obtain your personal information, alert the relevant authority, such as the institution being impersonated, so that it can take action against such individuals.

Scams through social engineering have been taking place for a long time. To protect yourself, your family and your friends, it is important to stay aware of these kinds of scams. The more people learn about them, the less likely they are to become victims.
