The telephone rang, and a professional female voice told Ms. Christina that she was calling from Calypso bank, where Christina holds her account. The caller said that a data breach had occurred at the bank and that the customers' accounts were suspected to be compromised.

She advised Christina to change her password by clicking a link the bank had shared by email. Following her instructions, Christina quickly reset her password by clicking the link sent to her mailbox.

But... within minutes Christina received a message on her mobile saying that her account had been debited by the amount of 1xxxx...

So what do you think has transpired here?

The professional female voice on the phone was a skilled hacker, who manipulated Christina into giving away her password and other confidential information in a few simple steps.

The cyber world calls this the art of human hacking, or Social Engineering.

Social engineering is not a new concept, but it works well because of the natural human tendency to trust others. Hackers manipulate the human factor and exploit trust to steal valuable information such as card details, bank details, passwords, PINs and other confidential information.

What is Social Engineering?

Wikipedia defines social engineering as “The art of manipulating people into performing actions or divulging confidential information.”

Let us look at the common social engineering techniques.

1. Phishing

Phishing is one of the most common social engineering techniques. The social engineer impersonates a genuine website and then asks the targeted users to share confidential details. For example, the hacker can create a web page that looks similar to the homepage of an online bank and dupe the user into entering the account details.
Email is the most common medium: social engineers send spam phishing emails to hundreds and thousands of users.

2. Spear Phishing

This is a subset of phishing, but here the hackers target an exclusive group, individual or organisation to steal sensitive information from them. The hackers work more intelligently here, closely studying the target and their behaviour in order to plan and carry out the attack.

3. Baiting

Have you ever come across an unattended USB pendrive on your desk or at the cyber cafe that you visit?

If yes, I recommend never plugging the device into your personal devices such as a laptop or desktop. This can be a bait used by smart hackers: they preinstall the USB device with malware, viruses and even keyloggers that can infect the users' devices.
Attackers leave the USB device behind intentionally, expecting that curiosity will lead users to plug it in and check the contents. Here the USB device is the bait the hackers have set to trap the users.

4. Familiarity Exploit

This type of social engineering is usually time consuming and the social engineers need to have the best skills and plans to successfully execute the hack.
The hackers first make themselves familiar within the target group so that nobody doubts them.

For example, they visit the organisation several times and eventually they become trusted. At that point they can begin working their way inside the company, gaining access to areas that are usually restricted.

5. Tailgating

This technique involves following users closely as they enter restricted areas. As a matter of human courtesy, the user is most likely to let the social engineer into the restricted area without questioning who he is.

These are some of the social engineering techniques widely used by social engineers to steal data. Now that we have seen the various types of social engineering techniques, here are my three tips that can prepare your workforce against social engineers:

1. Improve your workforce’s emotional intelligence

2. Train them to keep their accounts and devices safe

3. And last but not least, think before you act...

With the explosion and increasing use of social media apps and websites, it becomes easier for social engineers and hackers to learn about their targets. Hence I feel that users should be trained on the various aspects of social engineering and its threats.

Organisations can implement e-learning modules to train their workers on the topic of social engineering. Recently we developed a set of microlearning modules for a bank on the topic of social engineering. The module has several subsections that show the different types of social engineering techniques and their consequences. For example, the microlearning module included the following:

1. Interesting e-learning scenarios on social engineering
2. Game-based assessments
3. Rewards and points and much more

If you are looking to develop amazing e-learning modules on social engineering, feel free to contact us for any assistance.