When people think of a hacker, often they picture someone in a dark room with their hood up frantically typing on a keyboard, but often the most dangerous hackers are the ones who operate under everyone’s noses. Social Engineering, or human hacking, is one of the most common ways people have data and information stolen. Social engineering is “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.” As security software keeps improving many hackers have realised that the weakest link in the security chain is the person already behind the security system.
The social engineer will manipulate people who already have access to sensitive data to give that to them without ever having to use a computer themselves. Sometimes the information that the manipulator will receive is harmless on its own, but it may be one piece of the puzzle that the social engineer is building. Social engineers will extract any information that they can which will be used to destroy a company’s reputation and in some situations will cause monetary damage. Even if a company’s cyber security is up to date it is important to know how to prevent social engineers.
There are many different types of ‘attacks’ a social engineer will carry out but fundamentally they all focus on aspects of psychology and how to use that to manipulate people into giving up sensitive information. The most common and well-known type of attack is phishing. This is when a target receives an email that often contains a malicious link asking the user to submit sensitive data. These attacks often trigger the fight or flight instinct with threatening titles such as “ACT NOW OR LOSE YOUR ACCOUNT!” This is done as people do not think as logically when they are acting on instinct, instinct is easier to predict and are less likely to view links with distrust.
In the past phishing emails were easy to detect as often they were sent to mass mailing lists and would often contain many grammatical mistakes, although most people avoided them it would only take one person to click a false link to bring the system down. Recently, phishing attacks have become more sophisticated, being professionally written and the target has been better researched resulting in more convincing emails making them harder to detect. There are several distinct types of attacks used by social engineers and these will be covered in more detail in a following article.
Thankfully, social engineering is extremely easy to prevent simply by having a well-trained team and procedures for verifying and authorising data transfer. The simplest way to prevent social engineering attacks is to verify where the request for information is coming from. If an email says a bank account has a problem, visit the trusted website of the bank using the browser and not clicking on any links in the email or call the trusted number for that company. The trusted website or phone number would then be able to confirm or deny if the bank account in question has a problem. It may take a few moments longer than just clicking a link but is significantly more secure and has the potential to save a company from monetary and reputational damage.
If you enjoyed this briefing paper, check out our other digital resources which cover a wide range of topics, including quantum computing, social media, and 3D printing.
The Lancashire Cyber Foundry runs a series of business strategy and cyber workshops specifically designed for SMEs in Lancashire. We’re passionate about seeing Lancashire business become more cyber-aware and innovative and so offer funded places for companies to come and learn how to defend, innovate and grow their business. Additionally, we have an experienced technical team ready to help you with your business innovation ideas, particularly around cyber and digital innovation.
To find out more about how your business can access support or register on one of upcoming workshops, contact us:
Alexander Lee is an analyst developer on the Lancashire Cyber Foundry. Having recently graduated from Lancaster University with a master’s in Physics, Alexander has always enjoyed software development building multiple physics based simulations. During his degree he studied Quantum Mechanics and Quantum Information Processing sparking an interest in the future of quantum computing.
Get the latest updates on news and events from the Lancashire Cyber Foundry team.