Head of the Department (ICT) | Head of Internal Quality Assurance Cell
SOCIAL ENGINEERING THE SCIENCE OF HUMAN HACKING: HOW HACKERS MANIPULATE YOU TO GIVE MONEY AND SHARE SENSITIVE INFORMATION BY EXPLOITING HUMAN NATURE
Have you got an email from a bank with a link asking you to confirm your credit card number?
After opening the website, you may have become suspicious that it was fake, so you called the bank and found that it was indeed a fake website deceiving you into entering your credit card details.
Have you been called by a random person and told that your number has been selected in a lucky draw and that you have won 100,000 cedis, but that to withdraw it you need to pay 500 cedis?
These are examples of social engineering techniques called phishing.
The term “social engineering” refers to a wide range of malicious activities carried out through human interactions. It employs psychological manipulation to dupe users into making security errors or disclosing sensitive information.
People from many walks of life and in all kinds of settings employ social engineering daily.
A toddler trying to have her way in the candy aisle or an employee attempting to obtain a raise are examples of people engaging in social engineering. Social engineering can take place in both the public sector and in the marketing of small businesses. Unfortunately, it is also present when fraudulent individuals, con artists, and others of a similar nature deceive people into disclosing information that leaves them open to illegal activity.
Social engineering is the art of persuading people to reveal sensitive information. The types of information sought by these criminals vary, but when individuals are targeted, the criminals are usually attempting to trick you into giving them your passwords or bank information or accessing your computer to secretly install malicious software—giving them access to your passwords and bank information as well as control over your computer.
Hackers use 3 emotions in social engineering to manipulate you. Those emotions are:
1. Greed
2. Confusion
3. Sense of urgency
1. Greed:
The example of manipulating you by saying that you won a huge sum of money uses greed.
Many innocent people fall victim because of greed and lose their money or data.
2. Confusion:
Suppose you are an accountant and you get an email that appears to come from your manager (sent from a hacked email account, or by someone disguised as your manager) asking you to transfer money to a particular account.
This manipulation strategy uses confusion.
3. Sense of urgency:
Imagine your spouse has gone abroad for a business trip. You get an email from your spouse saying that she has met with an accident, that she is in hospital, and that she needs money immediately to pay the hospital bill.
Will you send her the money? Of course.
What if her email is hacked and she is safe and she does not know anything about such an incident?
The hacker uses your sense of urgency in manipulating you to give him the money.
What is the common thread in all the 3 scenarios/emotions?
All 3 emotions hamper our ability to think effectively. When we don’t think, we make a wrong decision.
How to be aware of social engineering and avoid being a victim?
- Be aware of unsolicited messages and calls requesting employee or business information.
- Never give personal or company information to unauthorized people.
- Before entering critical data, check the website’s security.
- If you’re unsure about an email request, contact the company directly.
At an organizational level, companies can do the following:
1. Employees should be trained to detect the tactics used in social engineering.
2. Restrict access to systems to those who truly need it; multifactor authentication and network segmentation should be used.
3. The use of sophisticated spam filters that can identify and block fraudulent messages before they reach employees is essential.
4. Make sure the computer has updated anti-virus and firewall protection.
5. The importance of keeping software up to date is often underestimated by IT departments and it should be emphasized and followed strictly.
Social engineering can appear sneaky and dangerous but with sufficient awareness and smartness, we can overcome such cyber threats.