Social Engineering and the Hacker

Posted by Deb Cashion on 10 February 2023

What is social engineering?

Social engineering, in the context of cyber security, is the psychological manipulation of people by a hacker in the hope that they will divulge private or secure information.

How do hackers use social engineering?

Hackers use social engineering to carry out their hacks and scams by exploiting the key principles listed below.

Authority – the hacker will pretend to be a person of authority. This is prevalent in tax office scams, Microsoft help desk scams, banking scams etc. Portraying or imitating a person of authority gives the scammer more credibility than if a stranger just asked for information.

Intimidation – the hacker will use the threat of negative action with words like “your account will be suspended” or “there is a warrant out for your arrest”. People in genuine authority seldom resort to direct intimidation in an initial conversation, so that should be a red flag.

Consensus/social proof – This is very popular on social media where one person shares a scam website or post and it is shared again, and again. Seeing it in several places makes the person being hacked think that the fake item is real. It is best to do your research before reposting or sharing something that might lead people into vulnerable situations.

Scarcity – If a hacker tells you that something is selling fast, or that they have a limited one-day offer, then they are appealing to the human need to “catch a deal”.

Urgency – Like scarcity, this plays into the human need to do something within a given period of time. If a hacker tells you that there is a consequence of not acting within a set time (e.g. your system will crash) then they are trying to sway you into a quick, hurried decision based on a perceived urgent end result.

Familiarity/liking – Hackers may use your friends to get to you, betting that you will communicate with them if you believe they are a friend or were referred by a friend. Humans are comfortable within a group and are wary of strangers, so hackers take advantage of this and attempt to gain trust from within your friend circle. This is why hacked Facebook accounts are becoming so popular.

So how can you be prepared for hackers using social engineering?

Education and training – Understanding how hackers use these social engineering principles to gain our trust is the first stage of not being taken in. Share the knowledge with those nearest to you.

Standard framework – In business, organisations have protocols and procedures set up so that staff know how information should be handled, kept and divulged.

Scrutinize – Taking into account the information above, you can scrutinize all your potential hacker interactions, asking yourself if they have acted using most of these principles.

Security protocols – Secure your sensitive data with passwords that are in line with recommendations (8 letters or more of upper and lower case, numbers and symbols) and with two factor or multi factor authentication.

Inoculation – Prevent social engineering and other fraudulent tricks or traps by raising awareness, using security measures and educating staff and friends.

Review – Constantly review current scamming and hacking activity and adapt your procedures, security and protocols in line with new attempts.

Waste management – This is often overlooked. Waste can be used by scammers to get information on your company. Lock up your secure waste or shred it. Secure your data in the cloud with multi factor or two factor authentication and change passwords regularly.

 

Where can I get help if I need it?

If you have any issues or concerns about your cyber security, Loyal I.T. Solutions can help. Simply call (02) 4337 0700 or email reception@loyalit.com.au.

Author: Deb Cashion
About: Deb is the Administrator at Loyal I.T. Solutions. Her background in marketing and editing ensures she gets the most out of a blog. With past posts for the Tasmanian Prison Service, Shoalhaven City Council and The What Women Want political party, she brings some knowledge and skill to the table when blogging.
Tags: Security, Networking Security, Cyber Security
