HOW SOCIAL ENGINEERING IS USED IN PERSONAL INFORMATION STEALING?
In this digital era where almost everyone is using mobile and computes for ease of access, information stealing has also become a very serious issue. Information can be stolen by using different methodologies, social engineering is one of them. Every other day we read about victims of Social Engineering who either has lost confidential data or money over call or mail.
What is Social Engineering?
Social Engineering is a kind of art where the Hacker tries to steal critical information of victim by socialising with him or her. Have you ever received any unknown call asking your personal details like date of birth, marriage date or sometimes the confidential information like your bank PIN or OTP, then one or other way you would have been faced the wrath of Social Engineering technique of information stealing.
Let’s discuss how Hackers steal data from publically available information of yours or make you fool to share your critical information.
CASE ONE: The best way to perform is to use the publically available information from different social networking sites where users put their confidential information like Date of Birth, Contact Number, areas of interest, the place where they live, where they visit and many more. By using such lucrative information Hackers predict the password easily and can access sensitive data of yours. Most of the users use the password which they could remember easily like their name, spouse name or combination of some names and dates, which is very easy to predict. So one should not to share his or her personal information on social media which can be exploited later on.
CASE TWO: Phishing is the method of stealing information which is very popular. In this case Hackers act as a trustworthy source and try to extract critical information like passwords, credit card information through mails, texts, sms etc. By using this method hacker’s gather information very easily, they will just host a similar looking web page where if the victim put their credentials such as passwords it will be received by hackers and the web page will then redirected to original website. The best way to detect these kind of attack is to check the URL of the website where you are inserting your data and never put your credentials or make payment received on mobile through untrustworthy sources.
CASE THREE: Vishing, which is Voice phishing where hackers will call you and pretend as a genuine source like Bank Executive etc and will try to extract information like password or OTP of the user. This is one of the most common scam prevalent in many developed countries as well. Here, malicious people called hackers takes advantage of unawareness of users and gather the information and use it for making online payments or other kind of malicious activities.
One should never share personal details over call, remember no financial institute will ask for your password or OTP.
CASE FOUR: Another technique where Hackers use Social networking techniques to befriend the target to collect critical information. This is a very easy and popular way to extract critical information without much efforts, here malicious user tries to exploits emotions or needs of the victim and mostly pose as opposite gender or any job agency etc. One should be very careful while sharing their personal and professional information over social media, rather no one should share any critical data online to non-trustworthy sources.
CASE FIVE: Many people often tend to write down important information like contact details, bank pins, passwords etc. on a piece of paper and later forget to destroy it. This information can be used by hackers to steal information. Information from airline tickets, courier packets from online shopping, electricity or telephone bills can also be misused because it contains information like Address and Phone number, what else a hacker needs. Dumpster diving is one of the very famous method where hacker extract information from improperly destroyed garbage dumps.
Any paper bounded information should be properly destroyed before dumping it, if possible use shredder to destroy paper bound information so it cannot be reused
The best way to safeguard yourself from social engineering attacks are
Share minimalistic personal information on social media, if possible one should not share any personal information online.
Try to avoid weak password, which are easily guessable, always use strong password which is a combination of special characters and numbers. Don’t use a password for so long, change passwords frequently. And one more thing try to avoid same password everywhere.
Beware of the link you are clicking, pay attention to the websites you are visiting. Never put your information on the websites which doesn’t look genuine. Always use websites which are using ‘HTTPS’ instead of ‘HTTP’ in the URL
Never use public network or public computers for accessing your bank accounts. Public computers are very easy to hack, it can have malware which can capture keystrokes and thus your passwords. Hackers at Public places like airport or railway station might be intercepting the traffic and can capture your credentials.
Don’t ever share your important information like passwords over call, you never know who is listening to you and can misuse the credentials.
Be cautious while you are typing the passwords, shoulder surfing can reveal your password to malicious users.
A camera at public place might be capturing your keyboard entries so be cautious while using your credentials at public places
Always destroy the piece of paper which contains critical information before dumping it, if possible never write down your passwords on paper and don’t ever share it in messages.
Use a good quality of antivirus which can detect the phishing pages and keep your computer firewall on
Hackers always try to find our news methods to steal information, the best way to safeguard yourself to be aware all the time while you are dealing with sensitive information like passwords or bank details. One can attend “Cyber Security Awareness Sessions” in order to learn different methods or techniques of social engineering used to fool the victims and thus will be able safeguard yourself.
Remember prevention is better than cure. One should always be vigilant about their surrounding and know about kind of repercussions can happen because of social engineering. Few good habits can help to safeguard you from online frauds.
#tags: cyber security, digital, online media,
#Keywords: Social Engineering, Online frauds, Phishing, Vishing, Dumpster diving, Cyber Security, Information Security.