Persecuting masses through social engineering

Update: 2019-06-14 00:45 IST

In this aeon of e-commerce and digital banking, the consumers are becoming prey to the online impostors more sternly than ever.

Likewise, like any Electronic Counter Measure (ECM) has another Electronic Counter Counter Measure (ECCM), the online swindlers are carving ways through alternate means of social engineering to attack in various progressive forms — in spite of adequate countermeasures have been adopted by the distressed agencies.

In general, an all-encompassing array of malevolent actions consummated through human interactions can be referred to as social engineering.

The modus operandi for this process involves psychological manipulation to set off consumers — to let them make security slipups or rip-off sensitive information. In the 1990s, Kevin Mitnick, a popular hacker, made the concept of social engineering widespread.

Social engineering is a cyclic process that involves mainly the following five steps: information gathering; plan attack; acquiring tools; attacking; and using of acquired knowledge.

The attacks using social engineering may come about in one or more of the aforesaid steps. A culprit first explores the proposed victim to crease such necessary contextual information as impending points of entry and weak security protocols that are required to advance with the attack.

At that time, the perpetrator efforts to gain the prey's trust and offer stimuli for ensuing actions that break such security practices as disclosing of vital information or granting access to grave areas of their security domain.

The guilty party acts very flair to gather information through various sources like the company's web portal, in-house journals, and even sometimes by just talking to the targetted victim.

After gathering the required information, the felon outlines the plan and executes the attack — soon after acquiring the necessary tools like various software programmes. The attack precisely aims the flaws in the target system.

The information gathered in this process is used further to guess passwords using social engineering tactics.

Human error is the main expanse on which social engineering relies upon. It is the area that is more susceptible than the risks involved in computer software and operating systems — for the reason that it is easier to identify the vulnerabilities involved in software rather than the mistakes made by genuine users, which are not readily foreseeable.

Palpably, social engineering attacks dock in five very common forms: baiting; scareware; pretexting; phishing; and spear phishing. In attacking through baiting, a deceitful promise is made to pique the target's greed or oddity.

This mode of social engineering process involves luring and trapping the victims to steal personal information or inflicting the computer systems of victims with malware.

Insofar as scareware is concerned, the preys get blitzed with false alarms and made-up threats, so that the users would think that their systems are infected with malware.

Thus, the users are forced to install software that would ultimately advantage the perpetrator. Sometimes, the newly installed software itself might be malware. Simply put, scareware is a deception software.

In pretexting form of social engineering, information is obtained from the victim through a chain of smartly constructed mendacities to extract sensitive information so as to perform a precarious task.

One of the most notorious forms of social engineering attacks is phishing. It involves email and text message operations meant for crafting a sense of urgency, inquisitiveness or distress among the victims, thereby making the targeted people reveal the most sensitive information.

On the other hand, spear phishing is a more targeted form of the phishing attack whereby an assailant picks specific individuals or enterprises to shape their messages based on their personal profiles and contacts, to make their attack less noticeable.

There is no doubt that spear phishing needs many efforts on behalf of the guilty party and, of course, they have greater success rates if executed skillfully.

As mentioned previously, felons are taking advantage of human feelings and emotions. For the same, social media channels are also becoming vital platforms. One good example to justify the above statement is — soon after Steve Job's death, on one of the popular social media networks--Facebook, innumerable links swamped about giving away of free iPads by Apple and other companies in the honour of Steve Jobs.

This went viral within no time for the reason that it was most resounding to the social media users as it happened together with the death of Steve Jobs. Of course, there is no need to mention that the target links used to extract the personal information of the netizens in the ploy of sending them the iPad.

Also, cybercriminals take advantage of the individual's confidence and addiction to common social expectation signs of the users. This very human personality trait is taken as a gain by the culprits on such social media platforms as YouTube.

Evidently, social engineering defies traditional security efforts due to the scheme of attack banking on human innocence or mistake. Indubitably, the vast amount of information that is made publicly available enable culprits to hack the vital company portals.

Moreover, social engineering through social media channels target employees of an organisation as they form one of the most vital information sources.

As it is rightly said, "prevention is better than cure." So, in the digital realm, being always agile can be a better way to keep oneself safe against most social engineering attacks.

Additionally, cross-checking the legitimacy of facts conveyed through email, text messages or over the phone is at all times better.

Furthermore, Social engineering through social media channels endorses the fundamental need for employees to be made aware of methods of attacking through a mishmash of development of concrete policy, alongside traditional methodological countermeasures.

(The author is an Air Veteran, a mass communicator and an author of more than 10 mass media books)

Tags:    

Similar News