Social Engineering

How many times do you walk away from your computer without locking it? How many times do you leave important pieces of paper lying around? What if someone you didn’t know saw this information? Could it be used wrongly?

The answer is yes. How about if someone came up to you and asked for your name? Would you give it to them? Would you think they were being friendly? Most likely, but you can never be too sure. If someone wasn’t asking for your name for friendly reasons and wanted you to give away personal information, this would be social engineering.

You will probably think, “I would never tell a stranger personal information,” but people do; after all, we are human, so we are going to make mistakes. However, it is important that we protect who we are and what we have so no one can take this away from us through social engineering. Social engineering occurs because people aren’t careful with their personal information.

What is social engineering?

Social engineering is a way of gaining information by simply interacting with people. Often people will trick others to gain personal information such as their address or email.

One of the most common types of social engineering is phishing, but spam, spear phishing and baiting are all types of social engineering.

Spam – vast amounts of emails sent out to people, often containing malware.

Spear phishing – being contacted by a cybercriminal who uses information about you to try to trick you into giving away personal information such as your address or bank details.

Baiting – leaving a (secondary) storage device with malware on it in a place it can be seen, hoping someone will pick it up and use it.

Dumpster diving – this is when criminals look through the rubbish for important documents, such as bank documents, that people have thrown away.

Shoulder surfing – this is when someone looks over another person’s shoulder to see what they are typing on their mobile phone or writing down, as this could be personal information.

Sometimes people, possibly in a work setting or at college, leave pieces of paper lying around. These could be seen or picked up by someone, and if a piece of paper has personal information or passwords on it, it could be taken and used wrongly. It is important that documents which are important to you are locked away or kept securely so no one else has access to them.

How can social engineering be stopped?

Never give away any confidential/personal information to anyone even if you trust them. Personal information such as banking, account details and passwords are personal for a reason.

Check who you may be giving your bank details to – is the company real, and is the company’s website real? If a company asks for your password over the phone or by email, then don’t give your password, because real companies should never do this.

Although this is repeated, do not open attachments from unknown emails you receive and do not click on links in suspicious emails.

If you don’t know where a storage device such as a CD or USB came from, then don’t use the device, as malware could be stored on it.

For social engineering, many of the same security rules apply, so if you follow the common rules for keeping safe online, your data has a better chance of being kept safe and secure. Social engineering can easily happen, and to anyone, so just be careful with your personal and confidential information, where you put it and who you give it to.