Social engineering as applied to the ordinary home computer user
February 18, 2005 - Part I
Overview
This article aims to familiarize our readers with the concept of social engineering, its application in real-life situations, and ways to recognize it and remain secure.
Essence of Social Engineering
Social engineering has been in existence since ancient times, long before anyone gave it a scientific name. It is a way of obtaining information from other people by exploiting their social "weaknesses", such as the human tendency to trust and to be helpful and responsive, as well as lack of knowledge, ignorance, or susceptibility to intimidation, and then using that information for personal or collective gain at the victims' expense. The perpetrator, in other words, "engineers" social entryways to the information he or she is after.
Put plainly, social engineering is taking information from people and using it for personal benefit.
Social engineering isn't limited to the modern computer environment; it is very much a part of our everyday social lives as well. Although this article deals with computer-related social engineering, the same techniques work just as well offline, so it is important to recognize social engineering wherever it is attempted.
Use of social engineering in the modern computer environment
Now that computers are everywhere and financial transactions are routinely carried out online, social engineering has become very dangerous: even if a computer were fully secured by its hardware and software (which is almost never the case), confidential information could still be extracted from it. What the attacker needs here is not technical prowess but a human approach, and it will probably succeed, because few users know how social engineering works in practice. The purpose of this article is to help keep individual data from being compromised by a social-engineering attack.
Among criminals and fraudsters there are people who are brilliant in a technical sense and others who are smart on the social scene. The technically skilled devise ways to break directly into computers: they write worms and Trojans and use holes and bugs in software products to gain access to the compromised machines and download the data stored on them. The social hackers, who lack the technical expertise to stage such attacks, have devised social-engineering scams instead.
Most common cases of social engineering
To home computer users, the most destructive form of social engineering is undoubtedly phishing: an e-mail message or Web site is crafted to appear to come from a trusted source. Such maliciously constructed URLs and e-mail messages masquerade as authentic locations to which users believe they can safely submit their data, with no fear or suspicion of fraud.
Phishing is the real scourge of the Internet, because there are few automated ways to detect and contain it. In the end, only the computer user's common sense, logic, and a healthy dose of skepticism can stop phishing.
Following is an example of phishing:
In this typical example, the user receives a spam e-mail that appears to come from a well-known entity, in this case Citigroup's Smith Barney division. It has the look and feel of a legitimate e-mail, so it can dupe the user into clicking the hyperlink and submitting his or her data. Note that although the hyperlink appears to be authentic (www.smithbarney.com is the official site of the company), it actually leads the unsuspecting "clicker" to a bogus Web site: the text displayed for the link and the address it really points to are two different things.
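The trick described above, a link whose visible text names the genuine site while its real address points elsewhere, can be checked mechanically. The following is an added example, not code from the original article: it pulls the links out of a constructed sample HTML e-mail and flags the three classic warning signs (the host named in the visible text differs from the host in the href, the href host is a bare IP address, and a "username" before an '@' sign hides the real host). The sample message, the look-alike hostnames and the IP addresses are invented for illustration; only www.smithbarney.com is taken from the text.

```python
"""Flag links in an HTML e-mail whose visible text names one host while the
href points somewhere else (the Smith Barney-style trick described above).
Added example: the sample e-mail, hostnames and IPs below are constructed."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _parse_url(s):
    """urlparse() that treats a bare hostname like 'www.example.com' as http."""
    s = s.strip()
    parsed = urlparse(s)
    if not parsed.scheme:
        parsed = urlparse("http://" + s)
    return parsed


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _host_in_text(text):
    """If the visible link text itself looks like a URL or hostname, return
    the host it names; otherwise return '' (e.g. for 'Click here')."""
    if " " in text.strip():
        return ""
    host = _parse_url(text).hostname or ""
    return host if "." in host else ""


def check_link(href, text):
    """Return the reasons a link is suspicious; an empty list means none found."""
    reasons = []
    parsed = _parse_url(href)
    if parsed.scheme not in ("http", "https"):
        return reasons                 # mailto:, javascript: etc. are not handled here
    target = parsed.hostname or ""
    if not target:
        return reasons                 # relative link or fragment: nothing to compare
    if "@" in parsed.netloc:
        # http://www.bank.example@203.0.113.5/ : the part before '@' is userinfo, not the host
        reasons.append("userinfo before '@' hides the real host %r" % target)
    if _is_ip(target):
        reasons.append("href host is a bare IP address")
    shown = _host_in_text(text)
    if shown and shown != target:
        reasons.append("visible text says %r but href goes to %r" % (shown, target))
    return reasons


def check_email(html):
    """Return [(href, visible_text, reasons)] for every suspicious link in the message."""
    collector = _LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        reasons = check_link(href, text)
        if reasons:
            flagged.append((href, text, reasons))
    return flagged


# Constructed sample phishing message (invented hostnames, documentation IP ranges).
SAMPLE_EMAIL = """
<html><body>
<p>Dear Smith Barney client,</p>
<p>Please confirm your account at
<a href="http://www.smithbarney.com.account-verify.example/login">www.smithbarney.com</a>
or <a href="http://203.0.113.7/sb/">https://www.smithbarney.com/</a>.</p>
<p><a href="http://www.smithbarney.com@198.51.100.9/">Click here</a> for assistance.</p>
<p>Questions? <a href="mailto:noreply@example.com">noreply@example.com</a></p>
<p><a href="https://www.smithbarney.com/">www.smithbarney.com</a> (a genuine link)</p>
</body></html>
"""

if __name__ == "__main__":
    for href, text, reasons in check_email(SAMPLE_EMAIL):
        print("SUSPICIOUS: %r -> %s" % (text, href))
        for reason in reasons:
            print("    -", reason)
```

Run against the sample, three of the five links are flagged and the genuine www.smithbarney.com link passes. The check is deliberately conservative: a link whose text is "Click here" cannot be compared against anything, which is exactly why a careful user hovers over the link (or reads the raw message source) to see where it really leads before clicking.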
Read next: Continue to Part II