What Do You Know About Social Engineering?

By definition social engineering is a discipline or art of manipulating people so that they share their confidential information. It may start from collecting information as simple as your legally registered name, date of birth, passwords or bank information depending on the interest of the exploiters. These criminals may collect information based on what they are targeting from their victims.


How can I be a victim of social engineering?

Art of social engineering starts from getting trust – something like the exploiter becoming friends with his or her victim. Thus, social networks are great plethora of information about people around and finding targets are much easier. Platforms such as Facebook and Twitter are on which these exploiters may start manipulating people.


What else social engineers do?

This depends on what the social engineers are looking for. Common social engineering attacks include:

1.       E-mail from a friend:

With e-mails, these criminals can do whatever they want. Basically what they target with e-mail can be the victims’ passwords. Knowing a password of an account of the victim is as good as knowing all the passwords of the accounts associated with the victim.  This is because most of the people are tempted to use same passwords for all the accounts they possess.

Links they send in their e-mails can be the links that seem common but these can be links of the cloned sites with which they use as tool for collecting the passwords.

Download links, images, videos and others may contain malicious software that keeps the victims webcams turned on so that the attackers see them, track the victims’ password or make the victims machines malfunction.


2.       Phishing:

Phishing attacks come with e-mails, Instant Messages, or comments that appears to be from legitimate people, institutions or banks associated with the victims.  The victim may get messages such as saying he or she needs to verify his/her passwords, re-enter passwords, or change passwords often with threats mentioning what would happen if they fail to do with the links the send.

Sometimes messages can be about the victims winning a lottery, or other gifts. The criminals would ask the victims to send some money so that these prizes can be delivered or else these prizes will be withheld.


3.       Others

There can many ways the criminals can do to attack their victims. It is always advisable to be always cautious while reading emails, instant messages for comments from unknown people and maintaining privacy to one’s every bit of information.


When these attacks can happen?

Possibly anytime, anywhere and to anyone.


How can I protect myself?

There are many ways to protect. Here are some of these:

1.       Never trust spams.
2.       Be suspicious of any unsolicited messages.
3.       Delete any requests for financial information or passwords.
4.       Beware of the fake accounts on social-networks.
5.       Be cautious about what else to download.
6.       Use recommended or known websites.
7.       Do not shares photos or videos that contain your information.
8.       Never get excited about foreign offers – often they can be fake!
9.       Use reliable anti-virus software.
10.     Use strong and unique passwords for different accounts.
11.      Never trust unknowns!

Sonam Dargay

Kuzu Zangpo la! I am Sonam Dargay, a student in the College of Science and Technology affiliated to The Royal University of Bhutan. I am a tech enthusiast student, studying Bachelor of Engineering in Information Technology.

Leave a Reply

%d bloggers like this: