The Art of Social Engineering
Hacking into your home computer or breaking into a safe takes a lot of skill on the part of the thief. But thieves have found an easier way to get information that they could use to answer security questions to your account logins, or open your garage door (if you use a number combination like your birthday.)
Social Engineering encompasses a variety of tactics thieves use on the phone, web and in-person to learn more about you. They then use these acquired snippets of information to steal your identity or access your personal accounts. Here are few examples of social engineering:
- You receive a phone call from someone claiming to be tech support for a popular anti-virus software company. They explain new trends in computer viruses and offer to do a complimentary scan of your system and update your security settings…you just have to grant them remote access to your system. By allowing access to your computer, not only does a thief have access to your personal photos and files, but also to any stored passwords (e.g. online banking, email, social networking sites, etc.) Hackers could also install ransomware on your computer to extort money.
- You’re in a hotel room and get what appears to be a phone call from the front desk. The person on the other line says there was an issue running your credit card, so they ask you to verify the card number over the phone. What you might not realize is that thieves can call from anywhere and disguise the call back number. To avoid this type of threat, called Vishing, tell the caller you will come down to the front deck in person, then hang up. (The term Vishing comes from the combination of using voice and phishing tactics.)
- You have a Facebook profile that you use daily. It lists your employer, and you “check in” when your shift starts. A stranger looking at recent check-ins to the location could find your profile, and unless your security settings are strong, they will have enough material to strike up a conversation with you. For example, if you are a bartender and post information on Facebook publically, a thief could see pictures, your hobbies and pets… they could even look at your friends list then tell you they have a mutual friend to generate trust in what seems like a casual bar-side conversation. What you may not realize is that this stranger is asking probing questions (e.g. about your pets, birthday, etc.) to potentially steal your identity or find ways to access your private accounts. Help prevent this type of social engineering by checking the security settings on your social media pages, such as Facebook and Instagram, regularly.