What is Social Engineering and Why do Hackers Use It?

Dwayne Wong (Omowale)
3 min read · Feb 16, 2023

Social engineering operates on the principle that the most effective way to compromise a security system is to compromise the people who operate it. The principle is illustrated by the legend of the Trojan Horse from the Greek story of the Trojan War. The Greeks present the Trojans with a large wooden horse as a gift, and the Trojans, believing the siege is over, drop their defenses and bring the horse inside their city walls. What they did not realize is that the horse was a trap: Greek soldiers hidden inside it slipped out at night and opened the gates for the Greek army to enter.

Hackers use the same method to gather information and to carry out cyberattacks. There are several types of social engineering attack. The most common is phishing, in which attackers trick people into installing malware such as ransomware or into revealing sensitive information. Phishing has become increasingly sophisticated: modern kits mirror the target website and relay the victim's traffic to the real site in real time, so the attacker observes everything the victim enters and, because the victim completes any additional step such as a one-time code themselves, crosses those extra security barriers along with them. Phishing is typically done via email. Vishing is the same approach carried out over the phone.
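The mirrored-site relay described above, and why it can "cross additional security barriers with the victim", as an added example that is not part of the original post. Everything in it is constructed for the demonstration: the hostnames, the user, the secrets, and the HMAC-based stand-in for a hardware authenticator's signature (a real FIDO2 key signs with a private key). It goes one step beyond the text to show the caveat a defender wants: a password plus a one-time code relays cleanly through the mirror, but a credential whose signature covers the page origin, as WebAuthn/FIDO2 credentials do, cannot be relayed, because the victim's browser reports the attacker's origin, not the bank's.

```python
import hashlib
import hmac
import secrets

REAL_ORIGIN = "https://bank.example"        # legitimate site (constructed name)
PHISH_ORIGIN = "https://bank-example.net"   # attacker's mirrored copy (constructed name)
TOTP_STEP = 12345                           # fixed time step so the run is deterministic


def totp(secret, step):
    """6-digit one-time code (RFC 4226 truncation); the 'additional barrier' in the text."""
    mac = hmac.new(secret, step.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


def sign_assertion(key, client_data):
    """Stand-in for an authenticator signature over (challenge, origin). A real FIDO2 key
    signs with a private key; HMAC with a shared key is used only to keep this short."""
    msg = f"{client_data['challenge']}|{client_data['origin']}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class RealSite:
    """The legitimate server: password + OTP login, or an origin-bound assertion."""

    def __init__(self):
        self.origin = REAL_ORIGIN
        self.passwords = {"alice": "correct-horse"}           # constructed user
        self.otp_seeds = {"alice": b"alice-totp-seed"}
        self.authenticator_keys = {"alice": b"alice-fido-key"}  # registered credential
        self.challenges = {}
        self.sessions = {}

    def _issue_session(self, user):
        token = secrets.token_hex(8)
        self.sessions[token] = user
        return token

    def login_password_otp(self, user, password, otp):
        if self.passwords.get(user) != password:
            return None
        if not hmac.compare_digest(totp(self.otp_seeds[user], TOTP_STEP), otp):
            return None
        return self._issue_session(user)

    def new_challenge(self, user):
        self.challenges[user] = secrets.token_hex(8)
        return self.challenges[user]

    def login_assertion(self, user, client_data, signature):
        # The origin comes from the victim's browser, which reports the page it really loaded.
        if client_data["origin"] != self.origin:
            return None
        if client_data.get("challenge") != self.challenges.get(user):
            return None
        expected = sign_assertion(self.authenticator_keys[user], client_data)
        if not hmac.compare_digest(expected, signature):
            return None
        return self._issue_session(user)


class MirrorProxy:
    """The attacker's mirrored site: forwards every request to the real site and
    records what passes through, exactly as the victim's browser sent it."""

    def __init__(self, real):
        self.real = real
        self.captured = {}

    def login_password_otp(self, user, password, otp):
        self.captured.update(user=user, password=password, otp=otp)
        token = self.real.login_password_otp(user, password, otp)
        self.captured["session"] = token   # the OTP barrier is crossed together with the victim
        return token

    def new_challenge(self, user):
        return self.real.new_challenge(user)

    def login_assertion(self, user, client_data, signature):
        self.captured["assertion"] = (client_data, signature)
        return self.real.login_assertion(user, client_data, signature)


def relay_password_otp():
    """Victim logs in through the mirror with password + OTP; attacker reuses the session."""
    real = RealSite()
    proxy = MirrorProxy(real)
    otp = totp(real.otp_seeds["alice"], TOTP_STEP)        # victim reads this off their phone
    proxy.login_password_otp("alice", "correct-horse", otp)
    return real.sessions.get(proxy.captured["session"])   # attacker now holds alice's session


def relay_origin_bound():
    """Same mirror, but the credential signs the origin the browser is actually on."""
    real = RealSite()
    proxy = MirrorProxy(real)
    challenge = proxy.new_challenge("alice")
    client_data = {"challenge": challenge, "origin": PHISH_ORIGIN}  # filled in by the browser
    signature = sign_assertion(real.authenticator_keys["alice"], client_data)
    relayed = proxy.login_assertion("alice", client_data, signature)
    # Rewriting the origin in transit does not help: the signature covered the phishing origin.
    forged = dict(client_data, origin=REAL_ORIGIN)
    rewritten = real.login_assertion("alice", forged, signature)
    return relayed, rewritten


def direct_origin_bound():
    """Control case: the same credential used directly against the real site works."""
    real = RealSite()
    client_data = {"challenge": real.new_challenge("alice"), "origin": REAL_ORIGIN}
    signature = sign_assertion(real.authenticator_keys["alice"], client_data)
    return real.sessions.get(real.login_assertion("alice", client_data, signature))
```

`relay_password_otp()` returns "alice": the mirror captured a valid session even though the account had a one-time code. `relay_origin_bound()` returns (None, None): the relayed assertion fails the origin check, and rewriting the origin breaks the signature. Only the control case, `direct_origin_bound()`, logs in.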

A second type is the watering hole attack, which infects websites that members of a specific group are known to visit in order to compromise those members. The objective is to infect a targeted user's computer and from there gain access to the target's workplace network. To do this, attackers pick websites they know are popular with that group and carry a lot of its traffic, such as an industry forum or a supplier's portal.

A third type is scareware. Scareware displays fake alerts telling users that their device has a virus or some other problem and urges them to download, or pay for, software to fix it; the "fix" is itself the malware. Generally speaking, scareware is not the whole attack but the entry point for a more complex one.

Attacks using social engineering rely on a few important principles. One is the influence of authority: people tend to follow those in authority. Stanley Milgram's obedience experiment demonstrated that people will comply with an authority figure even when asked to do something they find deeply uncomfortable. Participants were told to read a memory test to a "learner" in another room and to administer an electric shock each time the learner answered incorrectly, raising the voltage with every wrong answer. The participants were not told that the learner was an actor and that no shocks were actually delivered; they believed they were really shocking him. Despite their obvious distress at inflicting pain, and prompted only by the experimenter's calm instructions to continue, most carried on. About two-thirds went all the way to the highest setting, a level marked as dangerous. This demonstrates the power of authority.

There are additional principles, such as liking. People are easy to convince when they like the person asking. Where authority relies on the manipulator presenting themselves as an authority figure, liking puts the target at ease by making the manipulator seem friendly and likable.

Another is social proof, the idea that people do what they see other people doing: if everyone else is doing it, it must be worthwhile. This strategy rests on convincing the target that a particular behavior is normal and socially acceptable.

In short, social engineering is about getting you to lower your defenses. The goal is to use the habits and behaviors of end users against them. This is why one must always remain cautious and alert when navigating the internet.

Dwayne is the author of several books on the history and experiences of African people, both on the continent and in the diaspora. His books are available through Amazon. You can also follow Dwayne on Facebook and Twitter.

Dwayne Wong (Omowale)

I am a Pan-Africanist activist, historian, and author. I am also certified in CompTIA Security +