Surely you have not heard the term “Social engineering” before and in asking the meaning of this term, the people of the common associate it to the construction of some aspect of society. However, these deductions are far from their definition.
Social engineering is not a recent term. According to Carol Fenelly in her book “The Human side of computer security” 1999, social engineering consists of manipulating people to voluntarily perform acts they would not normally do. In other words, they are methods used by the cybercriminals, aimed at causing human errors in the protection of the information, taking advantage of them to compromise the security of the computer systems.
The objective of the implementation of this technique can vary, from committing fraud, meddling in social networks or mail, to industrial espionage, identity theft and breaking into network systems, where victims are usually corporations Renowned, financial institutions, telephone companies, government institutions, among others.
But what are the tools they use? He first thing we need to know is that this technique is not based on exploiting the vulnerabilities of a computer system, but is exerted in a context of social interaction between the attacker and the weakest link in the chain of computer security: the user. In this sense some of the tools they use to confuse the user are:
Scarcity principle. Last few days! Change your password! And it’s just that a little pressure gets more than one fall into the trap. This principle makes us more willing to be close to something, if we notice that it is scarce or difficult to achieve.
Principle of authority. Do you remember any emails from your bank or entity in which you are urgently asked to change your password? Surely a cybercriminals tries to impersonate an entity or person of trust and through the authority that this exerts easily influence us. These types of cases are very recurrent in what we call Phishing.
Principle of sympathy. How much can a stranger know about us, analyzing our social networks? If you have not asked yourself this question, it is good to start the task, because the cybercriminals can easily impersonate someone of our confidence and tend traps.
Principle of reciprocity. Through the information we share in social networks and the little knowledge at the time of managing our privacy, easily the cybercriminals manage to establish links to identify the topics that we can react in a more favorable to them. In such a way that through compliments, gifts or benefits, it makes us feel the need to return the favor or to solve questions of our personal life.
Principle of commitment and coherence. The big data allows thousands of data to be processed on our tastes, interest and what we consume. In this sense, hackers have the ability to capture our attention with what we are committed to and avail themselves of key questions and forms with which they can easily extract information.
Principle of social approval. How many have not heard the saying “where goes Vicente?, where people go”, is here where the cybercriminals seek to convince us that a certain program is the most used, to influence our decision to install a program that is actually only a malware.
So stay tuned and don’t be fooled. Pay attention to the usual grounds!