What is Social Engineering?
Social Engineering is essentially a term that defines the process of obtaining valuable private information by tricking someone into giving it to you. This can be done via phishing emails, texts, calls, and other methods. The process usually begins with a hacker doing some kind of research on their target and establishing trust with the target.
As an example, let’s say I want to gain access to an online account of yours but I don’t know the credentials. If I am able to establish a relationship with you, I can likely talk my way into information necessary for logging into the account without you noticing. I could first start by asking for your email and legitimately sending you safe and relevant emails that would further establish your trust in me. From there, I can take the email address and plug it into the website where there account I want to compromise is located. I would then click the “Forgot my Password” button which would reveal the security questions necessary to reset the password. Once I know the security questions, I can rely on the trust in our relationship to get the necessary information. This is because asking what someone’s first job was, wouldn’t raise any red flags in conversation. Honestly, most security questions wouldn’t raise flags in conversation as long as trust has been established and the topic is approached naturally. Due to the nature of how natural this feels, your account could get compromised and you probably wouldn’t even think twice about the conversation you had recently where you unknowingly gave away all the answers to your security questions.
How Do I Protect Myself?
Socail Engineering literally relies on tricking you into divulging your own private information. The only way to avoid it is to use discernment on who to trust and what level of information to trust those people with. In my daily life, there are few people who know details such as my birthday, family member names, cell phone number, email address, address, and other related details. Understanding that these pieces of information can be used against you, can help you to understand that these details should not be shared with ease. When I meet new people I am often surprised at how much information they volunteer within a short period of time. Seriously, without asking, some people will provide you intimate details such as last name, date of birth, phone number, residence location, workplace, and more. While I am not a hacker, I am frightened at how vulnerable most people are.
To protect yourself and your family from Social Engineering attacks you should ensure that you all understand what social engineering is. Having this understanding can help you to understand which information should be guarded and develop better discernment on what information is appropriate to provide to who.
Stay safe.