Arrowhead Technologies

Social Engineering, The Art of Hacking Humans


Social engineering is an attack that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures. Usually, criminals are looking for your passwords, bank information or access to your computer so that they can secretly install malicious software–giving them control over your computer.

But why not just hack into your system? The concept is that it is much easier to trick someone into giving you their password than it is for you to try hacking their password–unless, of course, the password is weak.

How They Attack

Using Your Friends

Criminals using social engineering may use your friend’s email to get to you. Commonly, a hacker will manage to obtain one victim’s email password and then send emails or social media messages to their entire contact list.

These messages take advantage of your trust and curiosity. They may:

  • Contain a link that you just have to check out–and because the link comes from a friend and you’re curious, you’ll trust the link and click–and be infected with malware so the criminal can take over your machine and repeat the process again and again.
  • Contain a download–pictures, music, movie, document, etc., that has malicious software embedded. You’re likely to download something sent from your friend, and if you do, the criminal may gain access to your machine, email account, social network accounts and the attack spreads to everyone you know.
  • Urgently ask for your help–your ‘friend’ has been lost, traveling, robbed, beaten, or is in the hospital. They need you to send money so they can get home.
  • Ask you to donate to their charitable fundraiser, or some other cause–with instructions on how to send the money to, you guessed it, the criminal.

Through Phishing

Phishing is when a ‘phisher’ sends any form of communication that appears to come from a legitimate company, bank, school, or institution. These messages usually have a story behind them:

  • There is a problem that requires you to “verify” information by clicking on the displayed link and providing information in their form. The link location may look very legitimate, with all the right logos and content (in fact, many criminals copy the exact format and content of the legitimate site). Because everything looks legitimate, you trust the email and the phony site and provide whatever information the crook is asking for.
  • You’re a ‘winner’. Maybe the email claims to be from a lottery, a contest, a dead relative, etc. In order to receive your ‘winnings’ you have to provide information about your bank, your address and phone number, or you may have to prove who you are by confirming your Social Security Number.
  • I need help. These phishing attacks feed off of people’s kindness and ask for aid for a disaster, political campaign, local issue or charity.

People who take the bait may be infected with malicious software that can generate any number of new exploits against themselves and their contacts, may lose money without receiving their purchased item/trip, may have their identity stolen/sold, and may find their bank account empty.

Don’t Become a Victim

  • Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency or uses high-pressure sales tactics, be skeptical; never let their urgency influence your careful review.
  • Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their phone number.
  • Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
  • Reject requests for help or offers of help. If you did not specifically request assistance from the sender, consider any offer to ‘help’ a scam. If you receive something from a charity or organization asking for help, always assume it’s a scam and make a habit of seeking out reputable charitable organizations on your own.
  • Be hesitant with links. Stay in control by finding websites yourself using a search engine to be sure you land where you intend to land.
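The checks above (a link that looks legitimate but lands somewhere else, pressure to act now, a request for passwords or bank details) can be turned into a simple message triage script. The following is an added example, not code from Arrowhead Technologies; the two sample messages and their hostnames are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Wording the post calls out: urgency that makes you act first, and requests
# for financial details or passwords.
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "suspended", "act now")
SENSITIVE_TERMS = ("password", "social security", "bank account", "account number")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

def real_host(url):
    """Hostname the browser would actually connect to (userinfo and port stripped)."""
    return urlparse(url).netloc.lower().rsplit("@", 1)[-1].split(":")[0]

def link_mismatches(html):
    """(shown host, real host) for every link whose visible text names a different site."""
    found = []
    for href, text in ANCHOR_RE.findall(html):
        shown = HOST_RE.search(text.lower())
        actual = real_host(href)
        if shown and shown.group(1) != actual and not shown.group(1).endswith("." + actual):
            found.append((shown.group(1), actual))
    return found

def phishing_indicators(html):
    """Human-readable reasons a message deserves the 'slow down' treatment."""
    reasons = []
    text = re.sub(r"<[^>]+>", " ", html).lower()
    for shown, actual in link_mismatches(html):
        reasons.append(f"link shows {shown} but goes to {actual}")
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        reasons.append("pressure to act now: " + ", ".join(hits))
    asks = [t for t in SENSITIVE_TERMS if t in text]
    if asks:
        reasons.append("asks for sensitive data: " + ", ".join(asks))
    return reasons

# Constructed sample messages (not real mail); hostnames are placeholders.
SUSPICIOUS = """<p>Your account will be suspended. Verify immediately:</p>
<a href="http://login.bank-example.invalid/verify">https://www.example-bank.com/secure</a>
<p>Reply with your password and account number to confirm.</p>"""

BENIGN = """<p>Your monthly statement is ready.</p>
<a href="https://www.example-bank.com/statements">www.example-bank.com</a>"""

if __name__ == "__main__":
    for name, msg in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, phishing_indicators(msg) or ["no indicators"])
```

A hit from this script is a reason to open the site yourself via a search engine, as the list above recommends, not proof of fraud on its own.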

Curiosity leads to careless clicking–protect yourself by setting your spam filters to high and securing your computing devices. This means installing anti-virus software, firewalls, email filters, and keeping them up-to-date. Contact us today to make sure you don’t become a victim of social engineering.