What on earth is social engineering hacking?
- February 11, 2013 10:30 am
Here’s another blog post inspired by a question from a HostPapa customer. We’ve had a few queries, actually, from clients looking for information about social engineering hacking and how they can prevent it.
Social engineering hacking is fraud – fundamentally no different than the cons that have been going on for centuries; trickery to try and get you to take a specific action or divulge information. This modern version is generally focused on getting victims to give away computer access or personal/financial information.
How does it happen?
Social engineering hacks don’t tend to break into computer systems or networks. They actually target a person, exploiting human vulnerabilities.
Some common examples:
- A social engineering hacker may call, pretending to be from a computer company. The caller says your computer needs repair. You turn on your computer, allow remote access, and the hacker steals your data or implants malware.
- Another hacker calls, pretending to be from your credit card company or bank. She says there has been unusual activity on your card, and that she needs to verify certain personal information. You divulge your credit card number, password, or other details.
- You get a phishing email that looks to be from your financial institution or a business you frequent. It’s not.
- A social engineering hacker may pretend to be a Facebook friend, and pick up information through social media. Or he or she might rifle through your trash, find a utility bill, and glean enough information to access your accounts.
You get the idea. Social engineering hacking isn’t usually high-tech – but it is effective, and it can lead to identity theft, computer infiltration, and financial fraud.
What can you do?
Plenty! The most important thing is to be vigilant. Be suspicious of any phone call or email looking for personal information or remote computer access.
As well:
- Dispose of digital data properly.
- Shred all mail, especially bills and statements, before throwing it out.
- Use different passwords with different accounts. Where reasonable, use different email addresses to link to each account too. Monitor all accounts regularly.
- Remove your information from public databases. In fact, last week's blog post was about domain privacy. Here's another reason to think about signing up for it.
- Never post, publish, submit, or otherwise divulge personal information unless absolutely necessary.
- Back up everything.
Social engineering hacking evolves as fast as the criminally minded can think up new scams. Stay informed, stay on your toes, and stay safe!

It all really comes down to basic common sense. If it looks too good to be true, it is overwhelmingly likely to be so - nobody gives anything away without expecting a return! Phishing sites are easy to spot - just look at the web address: if it's not the correct bank site, then it's a fraud. Assume that it's a lousy world out there (it is!) and CHECK everything before giving away ANY data. If in doubt, DON'T.
It never ceases to amaze me how trusting - and stupid - some folk are!