Social engineering is a strategy employed by hackers, criminals, and cyber attackers to manipulate and trick computer users into breaking computer security practices. Attackers often seek information such as passwords and personal details with the aim of installing malicious software on the victim’s computer, which gives them access to confidential information as well as control of the machine. Attackers use emails, phone numbers, direct or indirect contact, My Mail, CEO fraud, and snail mail. According to Hadnagy (2010), the weakest link in the security setup of information technology is the user. Criminals use various tricks to exploit users’ weaknesses and gain control of a computer system. Some of these tricks involve impersonating a celebrity and creating a pseudo social media account. Luo, Brody, Seazzu, and Burd (2011) argue that, through the sham account, a criminal can contact a friend by email with a message containing a link infected by malware. Hadnagy (2010) states that once the user clicks on the link, the criminal can gain control of the account and send multiple emails to people on the contact list. Most emails sent by cyber attackers look innocent and legitimate; however, upon clicking or activation, they set in motion a series of commands that can scan for the user’s passwords and private information. Most tricks and strategies do not look dangerous and often come as enticing and convincing messages, for example, claims of winning a lottery.
Social engineering is used by criminals to manipulate individuals into giving out confidential information that may enable crimes such as hacking into a bank account and siphoning money from it, or defeating a security measure, for example by disabling an alarm system. In most cases, criminals appeal to authority and greed, and use eavesdropping to get information on a social media platform (Mann, 2012). The ultimate goal of the attackers is to get confidential information or to gain full control of whole computer systems. With complete control, they commit felonies and fraud, lie, or install malicious software that helps them perform a wider criminal act such as siphoning money from a bank account.
Effects on Individuals and Society
Social engineering is and remains a criminal offence. The attacks take many forms and types. These include:
Baiting
Attackers leave an infected storage device, such as a CD or flash drive, in the hope that a user will find it and load it into a computer system. Once it is loaded, it allows the attacker to access information from that system.
Pretexting
This takes place when the attacker coerces a victim into giving out sensitive information or data. For example, the attacker will masquerade as a trusted person within an assigned department and trick a victim into divulging sensitive credentials such as customer information and private details (Abraham & Chengalur-Smith, 2010).
Quid Pro Quo
This occurs when a criminal requests private data from a reliable person in exchange for some compensation. For example, a criminal would ask for login details in return for a free ride or a gift.
Other types of social engineering include tailgating, spear phishing, and phishing. Although technological solutions such as filters, data monitoring software, and firewalls have been used to mitigate social engineering assaults, criminals have devised ways of maneuvering around these security measures to gain access to private information and to manipulate victims (Mann, 2012).
Social engineering attacks and strategies have both negative and positive consequences for individuals and society. While they enable computer wizards and criminals to make a living and bully computer users, they often have deep psychological effects on people. Society as a whole is vulnerable and remains at the mercy of criminals who regularly prey on people, seeking weak links to attack. In fact, according to computer experts, social engineering attacks are one of the worst security nightmares an individual or organization may face. Organizations worry about clients’ private data; for example, banks often have the greatest fear of a cyber attack that can result in the loss of millions in customer savings. According to Abraham and Chengalur-Smith (2010), people often face the greatest torment of having their data and private details accessed by a criminal. With the digitization of information and technological advancement, most transactions and business dealings are carried out online, exposing both individuals and organizations to attack. Thus the adverse side effect is the constant worry of personal information being accessed by an illegal or unauthorized person.
Constant worry and fear of attack have contributed to the slow pace of expansion of computer technology into many homes and individuals’ lives. While many use and trust computer technology, the notion of an attack, manipulation, or bullying often deters an individual or organization from fully integrating the computer into their lives. Computer technology remains the greatest invention and innovation of the 20th and 21st centuries; therefore its usage and application should go beyond the fear of an attack as presumed. However, criminals’ techno-savvy strategies have left many skeptical about fully allowing computer use into their lives.
Abraham, S., & Chengalur-Smith, I. (2010). An overview of social engineering malware: Trends, tactics, and implications. Technology in Society, 32(3), 183-196.
Hadnagy, C. (2010). Social engineering: The art of human hacking. John Wiley & Sons.
Luo, X., Brody, R., Seazzu, A., & Burd, S. (2011). Social engineering: The neglected human factor for information security management. Information Resources Management Journal (IRMJ), 24(3), 1-8.
Mann, M. I. (2012). Hacking the human: Social engineering techniques and security countermeasures. Gower Publishing, Ltd.