Understanding social engineering

At the heart of many of the malicious ploys that we see online is one underlying concept: social engineering. Deceptive social engineering tactics are interwoven throughout the Web, as you shop, bank, and socialize. Keep reading to learn how to recognize these attacks and avoid them.

You may have heard the phrase “social engineering” before, but what exactly is it? Social engineering is when a scammer, rather than using technical hacking techniques, manipulates, tricks or deceives people into performing certain actions or divulging personal information.

Social engineers take advantage of human behavior to pull off their scams, with the end goal of infecting a user with malware and stealing personal information or money. Social engineering attacks are becoming more complex and increasingly prevalent, according to security experts.

Social engineering attacks aimed at home computer users often take advantage of basic human emotions, including curiosity, fear, and empathy, to manipulate and persuade people to fall for their ploys. Let’s take a look at some common methods of exploitation based on these emotions:

Curiosity. Exploiting a person’s curiosity might involve sending an e-mail that purportedly contains a link to watch a video about the latest sensational news story. The link, however, will lead to a malicious site aimed at installing malware or stealing private information.

Fear. One tactic cyber thieves use to instill fear and persuade a person to act in a certain way is sending phishing e-mails, supposedly from a victim’s bank. Claiming that his or her account has been breached, the message will push the user to click a certain link to validate the account. Again, the link will lead to a malicious site aimed at compromising the person’s computer or stealing sensitive information.

Empathy. To take advantage of a person’s empathetic feelings towards others, hackers have been known to impersonate victims’ friends on networking sites, claiming to urgently need money. In another prime example, social engineering scams have recently been seen in the wake of the earthquakes in Haiti, with con artists trying to profit from the feeling of good will that follows such events by targeting users with donation scams.

While the above tactics are common ploys, it’s important to keep in mind that there are many other methods used by scammers; we can expect almost limitless variations on tried-and-true attacks that have been found to be successful in the past. All of these tactics, however, involve an interactive choice by the computer user, meaning that, armed with the right knowledge, you can effectively choose not to be the victim.

Protecting your PC with trusted security software is a valuable first step to help keep you safe from social engineering attacks. But you also need to be aware of social engineering tactics and employ a healthy dose of skepticism when online.