Defend against social engineering techniques used to steal personal data and defraud

You can install the most powerful and most expensive firewall and the most up-to-date and celebrated antivirus, and educate employees or family members on basic security procedures and the importance of choosing strong passwords, but none of this can protect against so-called social engineering techniques.
From a social engineering perspective, the person himself is the weak link in the chain of security measures.
Human beings are not only susceptible to error, but are also vulnerable to targeted attacks by individuals who hope to convince them to give up sensitive information.
It then becomes interesting to see what the main social techniques used to deceive and defraud are and, above all, how to protect yourself from deception in everyday life while using a computer on the internet.
Social engineering is the act of manipulating a person to access his sensitive data and is one of the main cybercrimes and crimes via the internet.
The difference between social engineering attacks and, for example, a hacker attempting to access a protected website is the choice of tools used.
A hacker is an expert in computer technology who looks for weaknesses in software while a social engineer mainly uses psychological techniques to force the victim to give his consent to share private information.
Since we talk about the internet here, it is obvious that this type of attack does not come from an identifiable individual.
The attack can be devised using tools such as email, social networks, chats and the telephone.
By far the most widely used technique of deception and data theft is phishing.
Through email, the attacker tries to convince the victim to share a password by frightening him (for example: your online account will be disabled if you do not enter the password on this page) or with false promises (congratulations, you have won...).
The guide to online security against hackers, phishing and cyber criminals explains how to defend yourself from phishing and from other hacking techniques that, today, have become much more clever and subtle.
A variant of phishing is carried out by telephone; it is based on the same principle, although it is much rarer (in Italy) and difficult to implement.
Through email, the person is asked to call a number and verbally communicate data such as a credit card number or bank account access passwords.
Another very clever technique for stealing data and carrying out scams is baiting, which bases its success on the greatest weakness or strength of human nature: curiosity.
For example, you could find a USB stick on the ground, or a CD with a nice inviting label, which hides a virus that the scammer can use to secretly access and spy on the victim's computer.
Other social engineering techniques certainly involve Facebook, from which many viruses have spread with ads and deceptions such as "see who visits your profile" or "a photo of yours has been published, look at it by clicking here!".
Good examples of social engineering and deceptions via Facebook are those told in the post on how to see private profiles on Facebook.
The best defense against these psychological attacks is the awareness that nobody gives anything for nothing and, therefore, mistrust towards all that is unknown.
Without giving in to excessive fear, it is important to always stay informed about what is offered or promised and to think carefully before giving any answer, while also getting used to recognizing the obvious deceptions.
As for digital data, some precautions should be used.
For example, if you have to throw away a USB stick, a memory card, a hard disk or an entire computer that is not working, you should make sure that it does not contain important or sensitive files and data such as passwords, private documents or personal photos.
Another article lists the programs to permanently erase data from a hard disk or USB stick.
If you throw away a disk, even one that doesn't work, it would also be advisable to destroy it and break it into pieces.
It seems obvious, but it is good to be careful never to leave the laptop unattended and open without locking it with a password, which must be strong and complex enough.
In addition, if the laptop is stolen, one must be very careful to immediately change the passwords for access to the various internet services possibly stored in the browser.
For this reason tools like password manager programs are always useful and powerful to avoid surprises of this type.
Even more dangerous are Android smartphones, iPhones and powerful cell phones, which are used more than computers to send email and access web applications with stored passwords.
Never leave a cell phone without a password lock; it may also be advisable to install an anti-theft tool on the phone that locks it and erases the memory.
On USB sticks, which are easy to lose, it is always useful to install a program like TrueCrypt to protect the data on the sticks with passwords, or BitLocker, which protects hard drives and USB sticks.
If you find a CD or a USB stick on the ground, before using it, remember to treat it with the utmost suspicion and the utmost prudence and remember that a bank will never ask for access to the account via email or telephone.
In conclusion, I would say that, as in real life, even on the internet and when using a computer, one can be easily manipulated, and it is important to always keep your eyes open and stay away from the temptation to experiment without knowing.
If you have experienced this type of psychological attack or deception, let us know what you think of it in a comment below.