What on earth is social engineering hacking?
- February 11, 2013 10:30 am
Here’s another blog post inspired by a question from a HostPapa customer. We’ve had a few queries, actually, from clients looking for information about social engineering hacking and how they can prevent it.
Social engineering hacking is fraud – fundamentally no different from the cons that have been going on for centuries: trickery meant to get you to take a specific action or divulge information. This modern version is generally focused on getting victims to give away computer access or personal/financial information.
How does it happen?
Social engineering hacks don’t tend to break into computer systems or networks. They actually target a person, exploiting human vulnerabilities.
Some common examples:
- A social engineering hacker may call, pretending to be from a computer company. The caller says your computer needs repair. You turn on your computer, allow remote access, and the hacker steals your data or implants malware.
- Another hacker calls, pretending to be from your credit card company or bank. She says there has been unusual activity on your card, and needs to verify certain personal information. You divulge your credit card number, password, or other details.
- You get a phishing email that appears to be from your financial institution or a business you frequent. It’s not.
- A social engineering hacker may pretend to be a Facebook friend, and pick up information through social media. Or he or she might rifle through your trash, find a utility bill, and glean enough information to access your accounts.
You get the idea. Social engineering hacking isn’t usually high-tech – but it is effective, and it can lead to identity theft, computer infiltration, and financial fraud.
What can you do?
Plenty! The most important thing is to be vigilant. Be suspicious of any phone call or email looking for personal information or remote computer access.
- Dispose of digital data properly.
- Shred all mail, especially bills and statements, before throwing it out.
- Use different passwords with different accounts. Where reasonable, use different email addresses to link to each account too. Monitor all accounts regularly.
- Remove your information from public databases. In fact, last week's blog post was about domain privacy. Here's another reason to think about signing up for it.
- Never post, publish, submit, or otherwise divulge personal information unless absolutely necessary.
- Back up everything.
Social engineering hacking evolves as fast as the criminally minded can think up new scams. Stay informed, stay on your toes, and stay safe!