Social Engineering

Recent events, such as the social engineering attack on European Central Bank’s President Christine Lagarde, occur more and more often and can cause you or your business serious trouble. The ECB President received a text message from the hackers, posing as former German chancellor Angela Merkel. Identity theft is part of the social engineering technique. This way the hackers wanted to open up a WhatsApp account that was linked to Lagard’s phone number.

But what is social engineering really? Social engineering is trickery to manoeuvre someone into exposing personal or confidential data. In social engineering this data will be used for fraudulent purposes against the victim or a whole company. In other words, social engineering is a technique of manipulating individuals, aiming them to give up personal data – including their bank credentials and other passwords. Salahdine & Kaabouch (2019) describe it as the following: “Social engineering is a technique used for a comprehensive range of malevolent events completed through human interactions. It utilizes psychological manipulation to cheat consumers leading them to make information security errors.”

Social engineering is among the most excellent means of cyber-attack, primarily because it has proven great effectiveness. Criminals know an individual user is the weakest connection in the security chain. Why? Because this user can be targeted with the collected data and therefor can become very vulnerable. Users are commonly targeted through online systems such as emails; criminals mask their messages and notifications to make them look like they come from a trusted source such as a known company, bank, or internet service provider (ISP) staff; this is a common technique of social engineering (Salahdine & Kaabouch, 2019).

Such practices trick the user into revealing sensitive information like passwords or other personal credentials. Delicate security protocols are required to successfully carry on the attack.  Scareware, baiting, spear phishing, pretexting, and phishing are the five main social engineering attacks.
Another way that social engineering works is again, that the criminal tricks his way into the personal life just to access the computer secretly and install malicious software that enables access to bank information and passwords in conjunction with granting the hackers control over the device.
Criminals prefer social engineering strategies because it is the most straightforward approach to exploit individuals’ ordinary inclination to trust.After you received a so-called phishing-mail, which usually are a typical inquiry, and you reacted to it in the way the hackers intended, they will start gaining your trust and slowly collecting data about you: which passwords you use, what times of day you are active on your computer, what your common interests are. Phishing is a perfect example: this method baits victims into trusting dangerous emails and websites that result in exposing critical information. Read more about phishing in our other blog-article. The attack cycle includes preparing (gathering data), infiltrating (establishing a relationship), exploiting the individual, and disengaging.

Human-based social engineering mainly involves a person-to-person interaction in a social network. Human events or actions contributing to a data breach are human factors in social engineering. In cybercrime, the Human Hacking trick tends to trap unsuspecting consumers by exposing information while granting access to restricted systems or spreading malicious software infections (Conteh, 2021). Human-based social engineering attacks focus on access to gaming systems or devices, physical location, and networks, particularly for financial gain.

Social engineering is a criminal activity that evolves with the dynamic nature of technology and innovation. It is the responsibility of every individual to ensure they visit protected sites, click on safe links, use virtual networks and participate in information security awareness programs to minimize social engineering.