Social Engineering – What is it?
Most people have probably heard the term social engineering in the news a lot lately, amid the various cyber attacks, viruses, and scams going on.
What is social engineering, one may ask? While your first assumption would probably be that it has something to do with a social network such as Facebook or Twitter, this is not the case. Social engineering is the deliberate and crafty attempt by hackers to gain access to your data by tricking either you or those who protect your data into handing it over.
With security ever increasing, social engineering is one of the biggest attack vectors these days. It is the most often overlooked part of security and one of the easiest ways a hacker can gain access to your data with limited effort.
How does it work? A hacker tries to pose as a corporation, user, technician or someone else from a company or service that you trust with your data. Attempts usually come in the form of an email or, commonly, a phone call. What the hacker is looking to get is your access to the data, in the form of your passwords or the means by which you can reset these passwords, such as your private email address. Oftentimes these cyber-criminals will even try to pose as you, when calling a bank for instance.
One of the recent cyber-frauds is domain name registration theft. Here a cyber-criminal scours the Internet, usually through social networking, to find personal details on an individual who owns or controls a domain name. The cyber-criminal then uses this information when calling the domain name registrar to have an account password reset or an account email change processed. At this point it’s really up to the customer support agent to be the last line of defense.
In most cases hackers have been able to have an account reset processed knowing only an email address or the last four digits of a credit card number on file, because they were able to gain the trust of the customer support agent. Once the hacker has had a password reset processed and gained access to your account, it’s then an uphill battle, depending on the company, to get your access back. If you own a business and rely on your unique domain name, this could be a disaster.
The simple way to stop this is to call, verify who you are, and have your account marked so that under no circumstances are account resets by phone call allowed. Most companies and services will allow an individual to request this. In most cases this puts an end to it, and hackers will not be able to social engineer your account any longer.