In my previous article, I have talked more about social engineering and some of the reasons why you need to keep your personal data and identity secured. In this article, I want to discuss some of the facts that you need to know about human-based social engineering. Follow me as we are going to look at this together in this article.
Social Engineering is the art of convincing people to reveal confidential information. It is the trick used to gain sensitive information by exploiting basic human nature. The act intends to gather sensitive information such as credit card details, social security numbers among others which include passwords and other personal information.
Some examples…
“Hi, we are from CONESCO Software. We are hiring new software development team. We got your contact from a popular job portal. Please provide details of your job profile , current project information , social security number and your residential address.”
Another one…
” Hi, I am Mike calling from CITI Bank. Due to threat perception, we are updating our core systems with new security features. Can you provide your personal details to verify that you are Stella?”
And another one…
“Hi. I am John Brown. I am with the external auditor Mr Sandrex. We have been told by Corporate to do a surprise inspection of your disaster recovery procedures. You have 10 minutes to show me how you would recover from a website crash”
We have two types of social engineering which are:
- Human-based social engineering
- Computer-based social engineering
#1 Human-Based Social Engineering
Eavesdropping is unauthorised listening to conversations or reading of messages. It is interception of any form of communication such as audio, video, or written conversions.
#2 Shoulder Surfing
Shoulder surfing is the procedure where the attacker looks over the user’s shoulder to gain critical information such as password, personal identification number, account numbers, credit card information e.t.c.
An attacker may also watch the user from a distance using binoculars in order to get the piece of information.
#3 Dumpster Diving
Dumpster diving includes searching for sensitive information at the target company’s trash bin, printer thrash bin, or user’s desk for sticky notes among others.
It involves the collection of phone bills, contact information, financial information, operations related information among others.
Computer-Based Social Engineering
Here are some of the instances of computer-based social engineering…
#1 Pop Up Windows
Windows that suddenly pop up while surfing the internet and ask for the user’s information to log in or sign in.
#2 Hoax letters
Hoax letters are emails that issue warnings to the users on new viruses, Trojans, or worms that may harm users’ systems.
#3 Chain letters
Chain letters are emails that offer free gifts such as money and software on the condition that the user has to forward the mail to the said number of persons.
#4 Instant Messaging
Gathering personal information by chatting with a selected online user to get information such as birth names and maiden names.
#5 Spam Email
Irrelevant, unwanted, and unsolicited email to collect the financial information, social security numbers, and network information.
#6 Phishing
This is an illegitimate email falsely claiming to be from a legitimate site that attempts to acquire the user’s personal or acquired information.
Phishing emails or pop-ups redirect users to fake websites or mimic trustworthy site that asks them to submit their personal information.
#7 Phony Security Alerts
Phoney security alerts are the emails or pop up windows that seem to be from reputable hardware or software manufacturers like Microsoft, Dell among others.
It warns/ alerts the user that the system is infected and thus will provide an attachment or a link in order to patch the system. Scammers suggest to the user to download and install those patches. The trap is that the file contains malicious programs that may infect the user’s system.
#8 Social Networking sites
Computer-based social engineering is carried out through social networking sites such as Orkut, Facebook, Myspace, LinkedIn, and Twitter among others. Attackers use social networking sites to exploit a user’s personal information.
Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.
Fact Check Policy
CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.
|
Leave a Reply