Social Engineering Tactics
There is a lot of controversy when it comes to understanding social engineering. Its mere definition sparks various arguments amongst renowned scholars. "It is basically the act of manipulating a person to do something that may or may not be for the person's best interest" (Social, 2010). It involves getting a person to take certain actions and acquiring information from that person. It might seem like a deceptive way of doing things, but it is what everyone does in their daily lives, like an innocent child trying to get candy from their parents, or someone on a campaign trail seeking votes. Its level of complexity and wide scope of use make it a science. Just like any other type of science, social engineering can be used in almost all kinds of activities and for various reasons (Podgorecki and Alexander, 1996).
This paper will focus on how social engineering is being applied and how individuals and organizations can be protected. Due to its wide scope of application, the key highlights will be on impersonation, hoaxing, creating confusion, reverse social engineering, spamming and the use of fake anti-spyware.
Common social engineering tactics
Impersonation
Impersonation is one of the oldest tricks: the engineers persuade their targets to release information or to do something for them, by telephone or by mail. It usually takes longer than other methods because the engineers need accurate information in order to fully convince their targets. For example, an engineer using this method may pretend to represent your bank, give a few details about your account, and then tell you that there is a technical hitch and your account has been disabled, so he needs your PIN to activate it. This technique requires a lot of effort and research to appear legitimate to the victim.
Hoaxing
A technique like hoaxing is much simpler and easier for engineers. It means tricking people into believing that something is real when it is false. It mostly affects individuals because they are more vulnerable to such ploys than corporations (Thapar, 2008). Another technique similar to hoaxing is creating confusion. This is basically creating a situation and taking advantage of it. An example is a person causing mayhem in an office, thus distracting staff while his accomplices get access to information.
Reverse social engineering, spamming and fake anti-spyware
There are other, more complex methods emerging from social engineers, like reverse social engineering, spamming, and fake anti-spyware. Reverse social engineering is a smart method where one tricks the victims by creating a platform on which the engineer is asked questions instead of questioning the victims. In this type of social engineering, the engineers create an impression of being in a particular field of expertise or having certain authority, and they use the trust they have won from their victims.
The use of spamming and fake anti-spyware is fully dependent on the internet and cannot be carried out without it, since the engineering happens online. Spamming involves the victim receiving deceptive mail, such as a message saying that one has won the lottery; the engineers then ask for information in order to release the payment, seeking financial or social gain. With fake anti-spyware, the engineers claim to have utilities that are anti-spyware but that are actually spyware that can hack into your system. The engineers in this case pretend to be genuine and to be out to offer solutions.
Protecting individuals from social engineering
There are various ways to prevent social engineering when one is using the internet. People should update themselves on the new techniques that social engineers are using. People should never contact their banks or any other financial institution using unknown sites or links. A website can never be assumed to be legitimate just by looking at it; it is important to confirm with experts that a website to which crucial information is given is a secure website.
It is also very important to check your online accounts regularly, and passwords should be changed as often as possible. It is not advisable to fill out forms from popup windows or emails. Lastly, account balances should be checked regularly, and bank statements should be requested from your banker to ensure your account has not been hacked.
Protecting organizations from social engineering
For any organization to combat social engineering, it is important to ensure a high level of security and to create awareness by educating employees on social engineering. When it comes to security, an organization should have a well-documented security policy containing guidelines on how to use the computer system, telephones and networks, as well as email. All prospective employees should also be screened so that they don't pose a threat to the organization. Software systems like firewalls and antivirus software should be put in place to filter out security breaches.