In the age of information technology, social engineering has acquired a strong connection with cybercrime, but in fact, this concept appeared a long time ago and initially did not have a pronounced negative connotation. If you think that social engineering is such a dystopian fiction or a dubious psychological practice, then this article will change your mind.
What is called social engineering?
The term itself is sociological and denotes a set of approaches to creating such conditions under which it is possible to control human behaviour. To one degree or another, social engineering techniques have been used by people since ancient times. In ancient Greece and ancient Rome, orators with special art of persuasion were highly valued, such people were attracted to participate in diplomatic negotiations. The activities of the special services are also largely based on the methods of social engineering, and the 20th century is completely replete with examples of what results can be achieved with skilful manipulation of human consciousness and behaviour. You can also provide an example of the Spinia casino website.
How do social engineers work?
Based on the book of the same name, Catch Me If You Can tells the story of a real person, Frank Abagnale. Now he is an expert on documentary security, but in the middle of the 20th century, Abagnale forged checks and masterfully hid from the police for five years, easily transforming into different people from a pilot to a doctor. Such behaviour, tricks and subtle psychological play are vivid examples of social engineering.
Manipulation of thoughts and actions becomes possible due to cognitive distortions – deviations in our perception, thinking and behaviour.
Examples of social engineering
To achieve their goals, attackers exploit human curiosity, goodwill, politeness, laziness, naivety, and other very different qualities. An attack on a person (as hackers call social engineering) can be carried out according to many scenarios, depending on the situation, but there are several of the most common techniques used by attackers.
Phishing
This method is effective due to the inattention of users. The victim receives an email from some well-known website, organization or even an individual with a request to perform the indicated actions by clicking on the link. Most often they ask you to log in. A person goes to the site and enters his username and password without even looking at the sender of the message and the site address, and the scammers thus receive the data necessary for hacking, after which they perform any actions on the victim’s page.
Trojan
This is a virus that got its name from the principle of operation, similar to the Trojan horse from ancient Greek myth. A user downloads a program or even a picture, and under the guise of a harmless file, a virus enters the victim’s computer, with the help of which attackers steal data. Sometimes this download occurs automatically when a person clicks on a curious link, opens suspicious websites or suspicious emails. Why is this type of data theft called social engineering? Because the creators of the virus know very well how to disguise the malware so that you are sure to click on the right link or download the file.
Qui pro quo
This type of scam works on a quid pro quo basis. The attacker pretends to be a technical support employee and offers to fix the problems that have arisen in the system or on the computer of a specific user, although in fact there were no problems in the operation of the software. The victim believes in the presence of malfunctions, which were reported to her by the “specialist”, and happily provides the necessary data or performs the actions dictated by the scammer.