Social Engineering

Social engineering is becoming by far the greatest threat facing individuals, businesses, and governments in the cyber world today. Some level of social engineering plays into every one of the threats I listed above. While definitions vary slightly, the general consensus is that social engineering means getting a target to reveal information or take a specific action for malicious reasons. So whether it is getting someone to click on a fake download link, install ransomware, or respond to a phishing campaign, it all falls under the realm of social engineering. Some hackers are just much better at this than others.

Understanding the theory behind social engineering is critical to recognizing and countering it. This isn’t easy to do and can’t be learned overnight, as psychology is very heavily involved. Someone who is very committed to infiltrating a business, and who has strong interpersonal skills and technological understanding, would be able to do so if the business wasn’t properly prepared.

In the book recommendations section, I list some books to help you learn more about this topic. As there is a lot of psychology and theory involved here, the books can be a dry read, but the information is very powerful. It just requires a commitment to learn and understand it. Once you do, you’ll be much better protected, not just from a cyber perspective, but from a real-life perspective as well. You’ll learn how criminals think and what motivates them. Being aware of the evil nature of some people will also help you grasp how they can commit some of the atrocious things they do.

Add some skepticism

You should really add some skepticism when you're dealing with people. For example, phone scams are still very popular and use things like your phone's area code to trick you into answering. The scammer will then try to get pieces of personal info from you that would give them an idea of who you are and where you live. They will also invent scenarios in which you or a family member is in some sort of trouble. When they do this, they are using common manipulation techniques, such as urgency, to get you to do what they want.

This is a very in-depth topic that can’t be fully fleshed out here, as all the psychology involved would make for a gigantic section, but here are some things to look out for. Hackers will use multiple angles to get their target to do what they want. The hacker will try to use emotions such as curiosity and fear to sway the target. This could take the form of a hacker sending a carefully worded, convincing email that gives the target just enough information to make them curious, so that they do something such as clicking on an attachment.

The most dangerous route that a hacker can take is to build trust with you. Someone who understands the human psyche well will combine many different approaches in a seamless manner to build that trust until they can eventually spring the trap. This isn’t meant to make you hyper-suspicious of people; just realize that someone who starts emailing you out of the blue may have bad intentions. As I have time to continue building this site out, I will cover social engineering, and how to protect yourself from it, in more detail.