What Is Social Engineering and How Does It Work?

Social engineering is a method criminals use to gain unauthorized access to your computer. It can begin offline and then move online, but every variation serves the same motive: unauthorized access to PCs and personal information. Social engineering shows up as phishing attacks, spear phishing attacks, and email hoaxes, as well as a range of offline activities.

How Social Engineering Works

First, we will take a look at some of the offline activities that criminals use to perpetrate social engineering.

  • Penetration Testing: Offline hackers use a social engineering method known as penetration testing, or "pen testing." Penetration testing is the evaluation of a computer system or network to find vulnerabilities for the purpose of exploiting them. To gain the access needed for the pen test, the hacker leaves USB keys in public areas so that people will pick them up and plug them into office PCs, or mails CDs to workers in an organization so that they will insert them into PCs on the network.
  • VoIP Exploits: VoIP (Voice over Internet Protocol) carries telephone calls over the Internet. Hackers exploit VoIP by leaving phishing voice messages claiming there is a problem with the recipient's bank account, along with an 800 number; the goal is to trick the recipient into calling the number and revealing bank account information.
  • Bandit Signs: Another offline social engineering method is posting advertisements in parking lots and other public areas that entice the reader to visit a malicious website. The URL is passed off as legitimate through an authentic-looking advertisement for a charitable cause or something similar.

Here are some of the ways hackers perform social engineering methods online.

  • Malware Installation: Social engineering hackers deliver malware through everything from ActiveX controls to email and websites. Some of this malware is designed to mirror other websites: when you run a search, it returns sites that look like the ones you usually visit, but they are bogus and trick you into entering information into what you believe is the legitimate site.
  • Targeted Attacks: In a targeted attack, the hacker profiles the intrusion so that it is directed at you personally. Examples include email addressed to you by name, email disguised as coming from a legitimate source, and social networking messages built from information harvested from resume sites so that the content is tailored to the recipient.
  • Email Hoaxes: Social engineering is also performed through email messages claiming that you have won a lottery or promising a high return on investment if you contribute money to a specific cause. In reality these are scams designed to get you to reveal personal information and to steal money from you for the hacker's financial gain.
Identity theft comes in many forms.

A person's identity can be 'borrowed' for the purpose of creating fictional credit cards, or a person's entire identity can be usurped to the point where they have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent it from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you enter your PIN at ATMs and at supermarket checkout card readers.