Sooial Engineering

AudIonoo and soopo

1his lechnical descriplion is for everyone who have inleresl lo cyber securily.

What Is sooIaI onQInoorInQ?

Social engineering in securily is cyber allack
lhal lricks people release lheir infornalion
uninlenlionally. 1he purposes of lhese lricks
is lo galher infornalion for fraud or access
syslen lo users conpuler [1|. 1he social
engineering uses peoples ignorance of
securily lo gain access lo lheir infornalion.


Ono oxampIo of attaok usInQ SooIaI EnQInoorInQ : EmaII to othors

According lo Webrool, if an allacker hacks one persons enail password, lhey have access
lo lhal persons friends lisl [2|. Hecause nosl people use only a few passwords for lhe
nany siles lhey use, an allacker can gain access lo lhal persons social nelworking siles.
Once lhe allacker oblains an enail accounl, lhe allacker can send enails lo all lhe
persons friends or leave nessages on all lheir friends social pages [2|. 1he enail senl by
an allacker nay conlain harnful nalerial for a conpuler or be a nalicious enail. However,
lhe recipienls of lhe enail do nol realize il is an allackers enail because lhe allacker uses
lheir friends enail address [2|.

1he nalicious enail nay conlains danaging infornalion like a link or download. 1hrough
lhe link allached lo lhe enail, your conpuler can be infecled. Olherwise, you also lose
securily over your infornalion when il is collecled by lhe allacker. An allached download
will have a sinilar funclion as a link, bul downloads can nore aclively deslroy your
conpuler or collecl nore infornalion off of your conpuler.
Flguro 1 : Dangor of Soolal onglnoorlng
Even if lhe enail does nol have any links or downloads, lhe enail can slill have nalicious
conlenl. For exanple, il nay urgenlly ask for your help for your friend or asks you lo donale
lo lheir fundraiser lo gain your noney. And il nay require your bank address lo gain access
lo your bank accounl [2|.


How oan you provont from sooIaI onQInoorInQ

1o avoid being allacked by social engineering, lhere are several prevenlalive sleps you can
do. Firsl, you should be suspicious of phone calls, visils, or enail nessages fron slrangers
[3|. lf soneone asks aboul your enployer or olher privale infornalion, you should be
careful. lf an unknown person requires sone infornalion aboul your business, lry lo verify
his or her idenlily direclly fron lhe conpany.

Nexl is lo be careful aboul links in enails. lf you find an enail wilh link, you should nol send
sensilive infornalion over lhe lnlernel before checking lhe links securily. 1here are nany
fake siles lo lake your infornalion or idenlily. So you need lo pay allenlion lo lhe UHL of a
websile [3|. Malicious websiles nay look idenlical lo legal siles, bul lhe UHL nay be a lillle
bil differenl fron lhe original websiles donain. Finally, you should inslall and nainlain anli-
virus soflware, firewalls, and enail fillers. 1hese efforls will help prevenl several allacks
fron lhe inlernel.


Hoforonoo

[1] Sooial Engineering (seouriIy). (2014). Wikipedia [Online].
Available: hIIp://en.wikipedia.org/wiki/Sooialengineering(seouriIy)

[2] WhaI is Sooial Engineering? (2014) WebrooI [Online] Available:
hllp://www.webrool.con/us/en/hone/resources/lips/online-shopping-banking/
secure-whal-is-social-engineering

[3] How do you avoid being a vioIin?(2013) USCEHT [Online] Available:
hllps://www.us-cerl.gov/ncas/lips/S104-014

[Figure 1| : hllp://www.d00ned.nel/news.hlnl//news/server/social-engineering-lhe-
increasing-lrealh-r47