Social Engineering involves using non technical skills or methods to have access to computer users
information enough to cause damage, meaning social engineers could be likened
to criminals whose major vision is to leverage on human weaknesses to strike.
The tool required by social engineer is ASKING ASKING ASKING, No wonder the
statement „“Instead of a Motto:“ You only have to ask“.
So in social engineering,
information about people are
gathered without the use of
technology.
As computer users in a networked world, it is important to
know the techniques used by the Social Engineers to avoid falling victim
because its a world of deception to gain undue advantage.
It is world of little
things counts for me when talking of Security and Privacy in this context, a
world where any action or inaction can
be used against you in the future even immediately.
For example out of ignorance, a sticky paper used to retrieve my lost account details such as
password and username not properly kept
or trashed i the bin can sell me out and later be used to wipe my hard earn money? Scary i
thing? But it is true, it is a similar to a social engineering techniques
called DUMPSTER DIVING.
May be to some computer users, the DUMPSTER DIVING technique
for them is no tricky, but TAILGATING is also a disguise that any corporation
can fall for, imagine a well suited fresh guy with fake invitation to a
business or town hall meeting of a bank executives to discuss critical issues
on the bank. After having undue access
to the information needed without carrying gun, the after effect could be
bankruptcy. Social engineering still all
about deceit or robbing without carrying weapon.
SHOULDER STUFFING is another technique used by social
engineers, remember that we are in a world of everybody turning into freelance
journalist with our mobile
smartphones, the same way social
engineers could get a snapshot of our
abandoned Facebook page or even email box for vital information . Imaging sleeping when already logged in to
check account balance with Pin code card and other account details exposed in a
room of social engineer, a glance or peep could be dangerous here.
The question is who is saved from the attack of social
engineers? In a word, i will answer NOBODY, but some measures could be used to
prevent falling victim
The simple answer or way to prevent being a victim is
AWARENESS, computer users in a networked world needs to be aware that safety in
this context depends on their actions or in-actions, act they should know which data if leaked could
sell them out and prevent it from leaking. Using Shredders to shred papers is
awesome, CCTV in an apartment is cool and may be, covering our PCs with
clothes when we need to log on with sensitive passwords and username to our
internet bank is the way to go like Edward Snowden.
But the statement below has the most paramount message to
prevent us being a victim of social engineers: Using the words of Confucius, "Education breeds confidence,
confidence breeds hope and hope breeds peace", for peace or something
related to peace in a networked world, security and privacy education and
training is a great tool for computer users.
Sources
:
http://www.csoonline.com/article/2124681/security-awareness/social-engineering-the-basics.html
https://beta.wikiversity.org/wiki/Security_and_Privacy_in_a_Networked_World/
No comments:
Post a Comment