Be aware of the trap of social engineering


You may have heard the word social engineering lately. A strategy of a hacker or a fraud is social engineering. This is a very old and always used technique. 

If we look at history, most of times, the emperors or kings were cheated by their loyal ones. 

They trusted these people immensely and they took the opportunity of that belief and betrayed the kings. Let's take it example of social engineering.

Social engineering is the way to achieve one's self-interest by fooling people. This technique is most commonly used for hacking in the cyber world. 

Social engineering is a technique that manipulates a person's mind and collects important information from him to achieve his own interests. This information can be personal or organization information.

Fraudsters are always searching for opportunities. No matter how hard you enter the password or how much the security of the system you are using improves, you are more likely to be deceived if you are not aware of social engineering. 

In many cases cracking people's minds is easier than cracking software.

The main tool of social engineering is greed and fear. Man falls into the trap of greed and fear because of his instincts. 

For example: You notice a post in a group on Facebook - the group admin said with a link to an app - if you run Facebook using the app, it will not cost any data. 

Many people got greedy and installed the app. In fact, the app was a malware rot (remote administration tool), which can be used to control a mobile phone or PC. The mobile phones of all those who installed the app were taken over by hackers. 

See here, hackers did not directly hack their mobile phone, people fell into the greed of getting something for free and handed over their data to hackers.

 Again, someone is calling and saying, the problem with your bank account is that you have to give some information. 

Otherwise the account will be closed. And you did what he said out of fear. After a while you got the message that your hard earned money is gone. This happens more or less with many of us.

Visihing, smishing and phishing techniques are more commonly used in social engineering. Vishing is the trap of cheating through voice or phone calls. 

Hackers also use spoofing in vishing. Spoofing means calling by changing the number so that the victim is forced to believe that the phone came from the right place.

Smishing is a trick of cheating through mobile phone messages. 

From time to time we receive lottery winning messages on our mobile phones saying 'you have won the lottery' and to get the prize you have to contact the address given by them. Such is the technique of message smishing.

Phishing techniques are now being used in many large-scale hacking cases on the Internet. Phishing can be compared to a mirror. 

Important information is manipulated by phishing by creating another site that is an exact copy of the original site. 

Email spam techniques are used for phishing. Email spam is false or fake mail that is sent to annoy or harm people. For example: You received an e-mail from Facebook requesting you to change your password on Facebook Security Purpose, along with a link. 

Now if you click on that link without verification, you will fall into the trap of phishing. The email could contain a link to a fraudulent webpage that appears to be legitimate in view of the company logo and content and provides a form to provide an ATM card PIN or credit card number starting from the home address. 

For example there was a phishing scandal in 2003 in which users probably received an email from eBay stating that users' accounts would be suspended soon and that they would need to update the credit card by clicking on the link provided with the email. 

The information was already there. Since it is relatively straightforward to create a web site similar to a legitimate company by simply imitating the HTML code and logo, the scandal deceived people into thinking they were actually contacting eBay and later went to the eBay website to update their account information.

 Through spamming with a large number of people, phisher selects people who can respond and those who read emails have already legally listed their credit card numbers on eBay.

Water holing is an interesting type of Phishing. It is a targeted social engineering strategy that is primarily applied to users who regularly visit the website and trust it. 

The victim feels safe doing things they would not have been able to do in a different situation. 

For example, a cautious person might intentionally refrain from clicking on a link to an unsolicited email but the same person would not hesitate to follow any link to his frequently visited website. 

So the attacker prepares to trap his careless prey in this privileged watering hole. This technique has been used successfully to gain access to some very secure systems (possibly).

The attacker may target a group by identifying or announcing the individual. Preparation work involves gathering information about frequently visited websites from the target's secure system. 

The data collection activity proves that the target visits the website and the system supports such visits. The attacker then checks for vulnerabilities on those websites in order to infect the visitor's system by inducing malware code. 

The traps and malware of the entered code may apply to specific target groups and specific systems they use. After a while, one or more members of the target group will be infected and the attacker will have access to a secure system.

Fraudsters can use "emotional deception". There are some mails that say "to restore access to your bank account ...". Normally people go to such links and click on them.

Recreational theft, also known as the "Corner Game" or "Round the Corner Game", occurs in the far east of London.

In short, recreational theft is a "persuasion" practiced by professional thieves against natural transportation or courier companies. 

Its main purpose is to persuade the person responsible for the legal delivery of the requested invoice elsewhere and then "round the corner". 

The average loss for each of them is about 290 USD. On the other hand, phishing and malware have caused a loss of about 110 billion worldwide, resulting in a per capita loss of about 198 billion

You will be astonished, billions of dollars are lost every year worldwide due to hacking. Between July 2011 and July 2012, approximately 61 million U.S. citizens were directly or indirectly affected by cybercrime. 

The average loss for each of them is about 290 USD. On the other hand, phishing and malware have caused a loss of about 110 billion worldwide, resulting in a per capita loss of about 198 billion.

 Which is equivalent to the annual cost behind fast food for U.S. residents. 42 percent of this money is going to the fraud case.

Increasing social awareness is the best solution to prevent social engineering.

  • Not accepting anyone's profile visit request on Facebook.
  • Not accepting celebrity ad requests.
  • Reject customized requests.
  • Not participating in surveys or surveys.

Technology development

Currently, antiviruses are quite powerful and catch small phishing quite easily. And the browsers are now much stronger than before. For example, currently Google Chrome will not allow you to visit any links or warn you that there is a possibility of a virus or something like that.


Organizations have reduced their security risks through these measures:

Model Structure: Establishment of trust infrastructure at the employee / staff level. (E.g. specifying staff and hand-to-hand teaching on when / where / why / how sensitive information can be exchanged)

Deep warning about information: Identifying which information is sensitive and disclosing it to social engineering and diagnosing security flaws (buildings, computer systems, etc.)

Security Protocols: Establish security protocols, policies and procedures for exchanging sensitive information.

Employee training: Provides training on safety protocols to employees according to their position. (For example, in situations such as tailgating, if a person's identity cannot be verified, employees must then be trained to politely refuse.)

Incident Testing: Completes unpublished, periodic inspections of security infrastructure.

Review: Regularly review the above steps: No solution is perfect for complete information

Hacking is happening in the cyber world using various such strategies. According to experts, 70-80 percent hacking can be prevented only through awareness. 

So we all need to know about cyber security, keep ourselves updated about new strategies that can lead to cyber attacks. 

You must verify before clicking or downloading any link on the Internet. Be careful when sharing any personal information on the Internet. Only awareness can keep you safe in the cyber world.

Post a Comment