The New Human Technology: Social Engineering

Social engineering is the most common way for a cyber criminal to steal your information. Learn more about it, and become smarter than the attackers. Check it out!

The human element is fast becoming one of the biggest topics in cyber security. Cyber attacks are increasingly geared towards human error, a technique known as social engineering, rather than towards exploiting vulnerabilities in hardware or software. Why? Maybe it’s because machines are getting smarter faster than humans are.

Before we start making too many Terminator references, let’s talk about social engineering. In 2016, more than 99% of attacks relied on human clicks rather than on automated exploits. (Maybe with non-malware attacks this is going to change, but we will see.) According to Proofpoint, more than 90% of phishing schemes are URL-based and trick victims into entering their user credentials, rather than using other exploits.

So why are criminals relying on human mistakes instead of just automation? It’s simple, really. Human error is worth more: social engineering can yield a higher return than an automated exploit. Of course, we’ve all seen the big exceptions to the rule, like the WannaCry ransomware attack in early 2017. But for the most part, it’s simply easier to have someone hand you their information than to go and steal it.

What are criminals trying to steal? I mean, Gmail is already free! Well, that banking email you just received might contain some valuable information. Ever heard of a password reset? A social engineering criminal could trick you into giving them your email password, then use the password reset on your other accounts to log in to your online banking, or buy $10,000 worth of wasabi peas on Amazon (maybe it’s time to turn off one-click ordering). And that is just with one password!

What Is Social Engineering?

Here is how Wikipedia defines social engineering: “Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.

“The term “social engineering” as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught on among computer and information security professionals.” (Wikipedia) In other words, social engineering covers the pickpockets and scam artists of the cyber world.

Here’s a scenario: You are unable to log in to your DirecTV account, so you tweet at the company asking for assistance. You receive a quick reply from a different account than the one you tweeted to, but it appears to be a customer service account for the company. You DM them your username and password, and… nothing. They don’t reply, but the real customer service account for DirecTV does. You just had your information stolen. Sorry!

Now, the Terminator reference. If humans are too imperfect to survive in an ever-more-perfect world, is Skynet inevitable? Hopefully not. Right now, you don’t have to worry about that. But you should keep checking back here for daily updates, and maybe you’ll become just as smart as the machines, or even smarter. But don’t try for perfection! It’s hopeless!