Being the “beings” of the 21st century we all are pretty much familiar with the details on hacking devices, computers, banks and their associated repercussions. However recently a new concept has emerged as a consequence of social networking under the name of “Hacking Humans”, which might sound weird in the beginning but in all reality let us tell you that this is pretty much happening in the real world!
Hacking Humans is a pretty common practice that many are involved in with or without knowledge simply by a process called “Impersonation” which essentially is one of the many tools used for social engineering in order to seek unauthorized access to another system with the intention of committing a crime, stealing or for identity theft.
The hacker or the less derogatory term “social engineer” adopts a fake identity of someone you are close with that too so convincingly real that many get fooled and let unauthorized individuals enter their sensitive business information, networks or systems.
A smart social engineer acquires all necessary pieces of information on the person he/she is planning on impersonating and then combines it together into one picture. Whenever a potential victim posts their personal information online without customized privacy settings, they consider it harmless, being completely oblivious to the fact that this is all what the hacker needs to impersonate your profile. The larger the amount of data the social engineer has on you, the better they get at avoid being caught. Impersonators or social engineers do plan a strategy and take all the time they need to research completely on their victim through the following sources:
- Browsing through people’s profiles on social networking sites
- Official websites of company who post employee information
- Phishing Scams via Emails
- Pre-texting on cell phones
- Literally Eavesdropping on private conversations
- Using black market websites selling private information on people
Tailgating is a concept that is used to describe unauthorized access into a building. Let’s say you work in this office that has one main door but also has a back exit gate, no one who doesn’t have authority to enter the belong should get to slip even through the back door. This is just like a robber or an attacker gaining access into a prohibited area where entry is biometric and they can simply walk behind the individual who has swiped his biometric card!
The guard in authority may not ask for a legitimate identity for multiple reasons or may act on an assumption that the person in question has simply lost their identity seeing the confidence by which they are entering the building. Similarly the attacker may also imitate the gesture of presenting the identity token or may just walk in via the door with a large pile of books relying on people’s empathetic nature to hold the door open for them so that they can conveniently seek their way in. So the tricks to slip past security are limitless, hence if you find a sneaky individual lurking around your building, you might just have a potential social engineer trying to enter your work space!
2. Shoulder surfing
There is another clever trick that social engineers play to gain access to your personal information that is by simply keeping an eye on you on what you are typing on your computer or what you are browsing through on the internet. This is what you call as “shoulder surfing,” and can also be achieved by hacking security cameras of the victim’s room if any are place, through the window or simply by eavesdropping on a conversation.
It is advised that you should stay alert on your work environment and always stay aware on who is lurking around you when you are working on sensitive information it can even be a custodian or a sweeper, stay particularly alert when you are entering your passwords. Never let anyone see you enter your password and if you are at a public computer, the best practice is to avoid using it for sensitive tasks and if you do have to use it, the screen should not be facing towards the crowd!
3. USB devices infected with malware
There is one tool that is literally at the disposal of every social engineer particularly in the hands of those who pose or fake their identity as a technical support person is the USB drive! US thumb drives are portable, easy to carry and hide and can be infected with tons of malwares of all kinds depending on what the social engineer needs to accomplish in his ulterior motives.
It literally takes some seconds to inject a USB into the port of any computer and infect the system with all kinds of malwares, worms and bugs. They can also be inserted at various locations in the work place with the intention that someone will pick them up, use them and unknowingly will install a Trojan on their computer device. This Trojan can then be used to hack passwords and login credentials or to access any network from a remote area.
How to protect your information and yourself from these social engineers?
Now that everyone has sufficient knowledge on what impersonation entails and how it can be used to cause harm, it is about time that you should get to know how to protect yourself from such impersonators trying to fake your identity under elaborated scenarios and use it for ulterior motives. Below listed are some common sense rules and allowing your own judgment to act, one can easily safeguard themselves against such attacks on one’s personal information:
- When you are forced to questions the validity of a person or a request for access, without wasting any time you must get in touch with your administrator to seek authority for conducting appropriate validation procedures.
- Do not give out passwords even if it is to your secretary if you want him/her to access something important in your absence. Technical support people never require passwords or other details to access your system so don’t be fooled when they ask for your password.
- Always avoid giving personal details even if it is out of trust or fear, come up with alibis.
You must tighten the physical security measures of your building and seal all passages whereby tailgating is possible. Always ask “who is that person or what is he here for?” If you are doubtful about someone’s authorization, instantly report the person and take necessary steps.
- Stay aware on your surroundings. Always know who is in your immediate vicinity especially in the range where someone can hear your conversation or oversee your computer screen. Use a privacy screen filter to avoid shoulder surfing.
Seal the paper documents and files by not leaving them lying around. When the work with paper documents is done, use a fine shredder.
- Bring in the habit of skepticism for anything that seems out of ordinary particularly anonymous people who suddenly become friendly to you.
- Stick to the rules, policies and terms that your organization has put forth on how situations involving social engineers, impersonators or hacker are to be dealt with.