Social Engineering

A clip from the new Netflix series Jamtara, doing the rounds on social media, shows how easily a retiree is conned out of his life savings through a simple phone call. This type of digital scam is known as social engineering.

Social engineering is the malicious manipulation of human psychology to gain unauthorized access: instead of using hacking techniques, the attacker tricks the user into giving out their confidential information.

For example, if a hacker wants to hack someone’s Facebook account, the attacker will send a fake Facebook login page offering “login to see who loves you secretly”. Most teenagers will quickly fall into this trap: they try to log in by entering their username and password into the attacker’s fake Facebook login page, and the attacker gets access to the victim’s credentials.

One of the biggest social engineering attacks happened in 2011 at RSA’s parent corporation, EMC. A third-party website was used to send an email. Hackers sent this email with a spoofed address, posing as a job recruitment website. It had an Excel sheet attached to it.

The instant employees opened it, it gave the hackers access to the organisation’s systems and data.

There are many other attacks like this, where people get hacked in day-to-day life. The main reason for this is a lack of awareness and technical knowledge. As we said at the beginning, the attacker will try to hack people’s minds rather than the system.

There are many types of social engineering attacks out there:

#Phishing

Phishing attempts to gather personal information.

Phishing involves pretending to be someone you trust. Attackers can pretend to be a personal friend, a bank or even part of the government, and they’ll ask you to click links, log in, etc. It is the most common social engineering attack today.

#Spear Phishing or Whaling

Spear phishing is like phishing but aimed at those with authority. These high-value targets are often victims because of the increased payoff. Scammers can spend months researching the best way to attack these people.

#Typosquatting

Typosquatting is when attackers register URLs similar to those of popular websites. People mistake them for the real site and type in their sensitive information while trying to go to the popular website. This allows the hacker to steal their data.

Tips to prevent social engineering attacks

  • Always check a URL before clicking it. You may receive a page that looks like a login page but with slight changes; clicking it will give access to the hackers.
  • Your bank or finance company will not ask for your credit card number or any other personal information. If someone asks you for it, then it’s not your bank.
  • Do not click on links that offer things like an iPhone for Rs 1; no one will give you an iPhone for Rs 1.
  • Try not to install cracks of paid apps on your phone or PC; they may contain malware that gives the attacker full access to your phone or computer.
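
The URL check from the first tip, applied to the typosquatting case described above, as an added example in Python (not part of the original article). The trusted list, the sample URLs and the two-edit threshold are constructed assumptions, and treating the last two labels as the site's domain is a simplification.

```python
from urllib.parse import urlsplit

# Constructed sample allowlist: domains the user really signs in to.
TRUSTED = {"facebook.com", "google.com", "paypal.com"}

def osa_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, adjacent swap) to turn a into b."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped letters
    return d[len(a)][len(b)]

def check_url(url: str, max_edits: int = 2) -> str:
    """Return 'trusted', 'unknown' or 'lookalike of <trusted domain>'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host when the scheme is missing
    # .hostname drops any "user@" prefix, so the real destination is checked.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Simplification: registrable domain = last two labels (no Public Suffix List).
    domain = ".".join(labels[-2:])
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        # Trusted name on someone else's domain, or a near-miss spelling of it.
        if brand in labels or osa_distance(domain, good) <= max_edits:
            return f"lookalike of {good}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in ("https://www.facebook.com/login", "http://faceb00k.com/login",
                   "https://facebook.com.login-check.example/", "gogle.com"):
        print(sample, "->", check_url(sample))
```

A "lookalike" result means the link should not be used to sign in; "unknown" only means the domain is not on the list and not close to anything on it.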