Social Engineering

There is no denying that the internet has become an amazing extension of our world. With the advances of recent years, however, people can now do more good, or bad, than ever before. Unfortunately, some people have chosen to do harm, and they are quickly learning how to take over companies by using the internet. These social hackers are different from your average hacker. While average hackers tend to get hold of company information through malware, social hackers rely on their charm and investigation skills to get company information from employees. These techniques are all part of a bigger kind of attack on companies known as SOCIAL ENGINEERING.

Social engineering is the practice of taking company information found on the internet and using it to manipulate employees into providing more company information that can be used for fraudulent purposes. In this blog, our Business Technology Solutions team will talk about the five most common practices that social engineers use.

Phishing
The idea here is to obtain information by appearing legitimate: attackers create fake sites that are clones of legitimate sites in order to capture passwords and other personal information. Social hackers use the same methods in email and on social media. Some social engineers have multiple Facebook and LinkedIn accounts, each claiming a different identity. With these multiple identities, social engineers look through company and employee profiles to learn more about you. They then use what they know about you to manipulate you into trusting them.

Pretexting
This technique works by creating a sense of trust between the victim and the attacker in order to gain access to valuable company information. These attacks usually start over the phone, after the social engineer has found your social media and learned more about you. The social engineer begins by interacting with the people on the front lines (such as the receptionist or the sales team) and uses the information found online to their advantage. As they talk to the employee, they gain the employee’s trust so they can later use it to get to company information.

Baiting
Baiting is a technique that tricks people into giving up company information. The most common way a social engineer does this is by creating an email that mirrors a typical company email and asks for something valuable, such as credit card information or a wire transfer. They can also pose as someone from a different company and use regular email phishing techniques to infect your computer with a virus. With this method, they can access your company information faster.

Quid Pro Quo
This social engineering technique is all about creating a sense that both you and the person contacting you will benefit from your interaction. It allows the hacker to hide under the guise of a company that they could very easily have made up. The social hacker can use this disguise either to ask you for company information directly or to get inside the building.

Tailgating
Tailgating is the practice of following someone into a protected facility. Social hackers do this so that they can enter a protected facility without needing to show any form of identification. Someone has a better chance of tailgating successfully if they start a conversation with a company employee while that employee is entering the building. The best way to avoid tailgating altogether is to make sure that company security verifies the identity of everyone who walks into the company facility, with no exceptions.