Social engineering – the art of deceiving people

Social engineering is a popular tool cybercriminals use to get their dirty on your identity, your money, your data. Worse than the most intrusive malware, socially engineered threats are harder to protect against. Why? Because they target you, not just your computer system.

Social engineering, a term popularized by hacker-turned-consultant, Kevin Mitnick, is the act of tricking people into doing something they wouldn’t normally do, like giving out confidential information.

Buzz-worthy events like natural disasters, highly anticipated product launches, and major sporting events always catch people’s attention. And those with Internet access naturally surf the web to see the latest news.

  • Minutes after the 3/11 tsunami in Japan occurred, fake news sites hosting FakeAV malware infected the systems of users in search of updates.
  • A fake iPad giveaway promo tricked victims into giving away their personal information via email.
  • A fake Twitter app that supposedly monitored victims’ follower activities instead allowed bad guys to hijack their accounts.

Celebrity news is sure to gain interest. It caters to a wide range of audiences, and so gets more media attention too. In the battle for readership, media outfits may rely on exaggeration to grab the public eye. The more unbelievable the headline, the more readers flock to read about it.

Social media sites are awash in sensational headlines and malicious links. A Facebook scam page once offered victims a free Christmas theme plug-in, which instead allowed victims’ accounts to be hijacked for spamming purposes. Various events related to Michael Jackson’s death lured victims to download malware in the guise of an image that spread via MSN Messenger.

They say trust is gained. Treat new sites like people you meet for the first time. Just as you don’t trust everyone you meet the first time you lay eyes on them, don’t immediately trust sites you’re prompted to visit.

Never click suspicious links, no matter how promising their accompanying messages seem. Promises that are too good to be true are just that.

Don’t be intimidated by threats. A lot of bad guys rely on fear to scare you into doing something you otherwise wouldn’t. It’s always best to ignore scare tactics outright.

See what others are saying about Social Engineering:
= Link leaves this site.