So-called social hacks, also known as social engineering, involve attacks on what is perhaps the most vulnerable, easily compromised component in any computer system: the user.
A social hack is any of a number of techniques, strategies, and tactics used to convince people to give up personal information, passwords, and all of the other information necessary to access private accounts without the technical know-how or risk of true hacking.
Social Hacks to Watch For
Here are just a few of the most common hacks you should look out for:
- Pretext. Would-be social engineers will often wait for a pretext to reach out to a target or create one wholesale. For example, a power outage or internet outage at your building could give them an excuse to call or email you, pretending to be from your managed IT firm.
- Diversion. Some social hacks work by diverting a target from legitimate points of contact to illegitimate ones. This includes tactics such as phishing, where an email sends you to a website that looks identical to a real website you use but is wholly controlled by the hacker.
- Baiting. Baiting relies on greed to get past your defenses. It can be a USB stick loaded with free stuff and a hidden computer virus, given to you at a convention or left sitting somewhere.
- Authority. Feigning a position of authority to trigger a panic response and get you to give up answers is a favorite for social hackers. It’s most effective in large organizations.
- Kindness. It’s easy to get complacent about security when someone is really nice to you, and hackers are happy to exploit that for all it’s worth.
- Vagueness. Some social hacks work on the power of assumption. Hackers may lead you to believe you’re talking to someone you know.
Avoiding Social Hacks
Don’t let emotional responses rush you. Fear, kindness, pity, and confusion all work for hackers, not you.
Never assume something you don’t know for a fact. Do you know who this person is, truly?
Trust your instincts. If something looks wrong, feels wrong, or sounds wrong, it may be wrong. Taking a moment to confirm you’re on the real website, or double-checking that a call really comes from the source it claims, can potentially save your company a lot of time and money.
Follow security rules. All the rules and guidelines your managed IT support team puts forth exist for a reason. Each extra security measure makes it exponentially more difficult for any hacker, social or otherwise, to compromise a system.
Network Security Associates can secure your systems for you, help teach employees security best practices, and make sure a single successful social hack doesn’t get into your systems. Know the risks, know what to do about them, and make sure the human element isn’t the weakest link in your security. Contact us today at 702-547-9800 to learn more.