Makerere University

Enter a keyword or two into the search box above and click search..

How Hackers Use Social Engineering By Targeting Events and Circumstances

You are here

Social Engineering

Photo by Austin Distel on Unsplash

By Kyomuhendo Esther Diana

Almost every week mass media communicates about hackers having stolen thousands of passwords and other sensitive private information. It is commonplace to read articles about hackers having taken advantage of system vulnerabilities to bypass security barriers in order to fraudulently access private and company networks.
One of the most famous ways of hacking is SOCIAL ENGINEERING. Social engineering is an art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.

For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.
Even if you've got all the bells and whistles when it comes to securing your data centre, your cloud deployments, your building's physical security, and you've invested in defensive technologies, have the right security policies and processes in place and measure their effectiveness and continuously improve, still a crafty social engineer can find his way right through.
Social engineering has proven to be a very successful way for a criminal to "get inside" your organization/ on an individual’s personal life. Once a social engineer has a trusted employee's password, he can simply log in and snoop around for sensitive data. With an access card or code in order to physically get inside a facility, the criminal can access data, steal assets or even harm people.
Sometimes, if the hacker knows the person, he will just send a link that is so related to them just to get the victim to open it. And given the relationship, the victim will be quick to open the link since they trust the sender.

You don't need to go thrift store shopping to pull off a social engineering attack, though. They work just as well over e-mail, the phone, or social media. What all of the attacks have in common is that they use human nature to their advantage, preying on our greed, fear, curiosity, and even our desire to help others.
Criminals will often take weeks and months getting to know a place/ the target person before even coming in the door or making a phone call. Their preparation might include finding a company phone list or org chart and researching employees on social networking sites like LinkedIn or Facebook.

They attack via the phone, in the office and online.

Download the attachment to read more. 

File Upload: