Social engineering is simply a fancy term for “tricking somebody into divulging information they should not”, such as giving away their password.
The basic goals of social engineering are the same as those of hacking in general: to gain unauthorised access to systems or information in order to commit fraud, network intrusion, industrial espionage or identity theft, to steal information, or simply to disrupt a computer system or network. Typical targets include big-name corporations and financial institutions, government agencies and, now more than ever, individuals.
Social engineering is often an easier way to gain illicit access to someone’s computer and personal information than technical hacking. Even for technical people, it’s often much simpler to just pick up the phone and ask someone for their password. And most often, that’s just what a hacker will do.
Social engineering attacks take place on two levels: the physical and the psychological. Common physical settings for these attacks include the workplace, the phone, your garbage, and even social networks and other online communities of interest. In the workplace, the hacker can simply walk in the door and pretend to be a worker or consultant who has access to the organisation.
How often have you walked through the office and spotted a random password on a post-it note on someone’s desk? A hacker who uses social engineering as a tool can walk out of the building having gained enough information to hack the network from home later that night. Some hackers have literally just stood there and watched oblivious employees type in their passwords. Always keep your passwords safe.
Basic methods of persuasion include impersonation, conformity, diffusion of responsibility, and plain old friendliness. Regardless of the method used, the main objective is to convince the person disclosing the information that the social engineer is in fact a person they can trust with that sensitive information. Ten years ago, getting access to this sort of detail would probably have taken a con artist or an identity thief several weeks, and would have required the expensive services of a private investigator. These days, many social networkers are handing over their life story on a plate through various forms of social media.
So once the hacker has one password, he or she can probably get into multiple accounts. Combinations of children’s names, birthdays, dogs’ names and so on are some of the more common passwords chosen by a majority of the global community. With so much of this information now on Facebook and other social media sites, the risks are greater than ever. Fear of forgetting passwords is often the reason that so many people use the same password for all of their accounts. Do you?
So, don’t blindly accept friends. Treat a friend as the dictionary does, namely “someone whom you know, like and trust.”
A friend is not merely a button you click on.
Learn the privacy system of any social networking site you join and use it.
Use restrictive settings by default.
You can open up to true friends later.
Assume that everything you reveal on a social networking site will be visible on the internet for ever. It will be.
Once it has been searched, and indexed, and cached, it may later turn up online no matter what steps you take to delete it.