Lesson 2: Social Engineering
Social Engineering is the tactic of manipulating, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal and financial information. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
This is a fascinating topic that has a long history, far beyond computers. At various times in the history of India, yogis were seen as nefarious and devious tricksters, people to beware of, lest they rob you of your money or dignity. An underclass of magicians, yogis were sometimes in possession of siddhis that struck fear into the minds of citizens.
In our modern age, innocent users receive increasingly elegant and personal emails that seem to know who you are, where you work, where you bank and where you shop, all in an attempt to get you to do one thing: “Click this link” and hand over personal information to someone who should not have it.
How could someone get your personal information?
- Marketing databases – Any time you hand over personal information to a person or a company, you expose yourself to theft or poor data handling
- By calling you – It is easy to phone someone and ask: “Is this Joe Blogs who works at XYZ?”
- Looking you up online – We frequently promote ourselves, our personal bio, expertise, history on websites and social media
- Physical letterbox – This is a particularly slippery one with high risk. Letterboxes really should be locked; you may be surprised at what information can be gathered about a person from bank statements and other mundane letters.
The common techniques of social engineering are:
- Gain trust by claiming to be from a well-known business or impersonating a known contact
- Suggest their own verification procedures, like going to websites they have created or sent to you
- Appeal to your emotions and press your buttons to get what they want
- Create a sense of urgency to get you to make decisions without thinking
Let’s look now at the main types of scams.