By Arpit Jain, Cyber Security Engineer at NetWeb Software
Social engineering is a popular hacking technique covering a wide range of malicious activities carried out through human interaction. It uses psychological manipulation to get users to give up their sensitive information. Hackers often use social engineering as a first step to enter a system or network and steal sensitive data or spread malware.
Is Social Engineering harmful?
Social engineering is indeed a very harmful phenomenon. Everyone is connected through social media platforms, so it is not very difficult to retrieve users' personal information, and anything attached to a user's routine life can be manipulated by hackers. Since there are hundreds of connections on social media profiles, it is hard to judge their authenticity, and therefore hard to determine whether our information is being stolen. There are instances where unknown connections try to retrieve a user's basic information, such as date of birth, family details and work details, which leads to harmful situations like identity fraud.
Let us consider an example. A person receives a government-program hoax email claiming that his company has won an award worth $200,000. The organization falsely describes the selected company's success story, how they started this lottery system and how they select the company. The email mentions all the details of the person and his company, making him believe that it is valid. The hackers ask the person to fill in a form and deposit a transaction amount to collect the prize. To create an impression of validity, they call the person from a US or otherwise unknown number. Even after waiting a long time, the person will not get any response from the hacker. In such instances social engineering plays a crucial role in creating online scams.
Let us understand how this scam happened. The hacker connected with the person through social media, posing as an insurance agent. The hacker gradually gathered all the required information from the person, such as details about his business, finances and family. The moment the hacker had all the information, he planted the scam. The point to understand is that the form filled in by the person includes information the hacker had already learned through social media.
How can we become a victim?
We can also be victims of such scams. Most of us are part of many groups on social media, so there could be instances where a person is stealing information by finding out about the services your company offers.
Can we stop and control hacking via social engineering?
Yes, we can minimize the risks associated with social engineering. All we need to do is follow these simple steps:
- Don't use simple passwords that include your favorite things, birthdays, etc., which you have explicitly mentioned on social media.
- Never reveal complete information on social media or in any groups.
- Before sharing any information with an unknown person, verify and validate their company and other details.
- Never fall for the trap of lottery emails or similar offers.
- Don’t mention your personal contact details on any random post.
What steps can an enterprise take to stop and control these activities?
Implementing secure and safe policies in the organization is highly recommended. Beyond that, an organization can follow these steps:
- Hire a good security team that can handle security risks.
- Implement a practice of verifying random links before an employee clicks on them.
- Train every employee about phishing and social engineering attacks and, if they become a victim, how to recover and how to keep themselves and the company safe.
- Invest in good security awareness programs and train employees accordingly.
- If employees work from home or remote locations, ask them not to connect to public WiFi, where the company's critical data can be stolen.
- Train employees to understand the code of ethics so that employees are secure, which in turn makes the company secure.