Social Engineering is something that shows up often when talking about hackers and hacking. A piece of nasty software isn’t always the way you can get in trouble, sometimes people use something called Social Engineering. In order to gain access to something that you shouldn’t be able to access, criminals are now using human trait’s to act against them. Most human beings are kind and generous people. If you walk up to a door that’s secured, and there’s somebody trying to get – and they’re struggling to carry a big box – you’re most likely going to help them open the door and get in. This is just human nature, we like to help others.
This is unfortunate in this case, as the gent with the box might be trying to get through this door to steal, or take information hostage! The classic example is people in a hi-viz jacket carrying a stepladder. It’s been said for years that if you dress this way and carry a ladder around with you, you can get in anywhere – just as long as you look busy or like you’re in a rush to get there! Who wants to bother the busy and stressed out workman with a big ladder who’s rushing to get some important maintenance done?
The criminals using Social Engineering are pushing buttons that we respond to. There’s panic, compassion, helpfulness etc. Some examples are emails that come through letting you know that you have an email waiting for you, but it’s trapped. You need to click a link to access this important email.
So you click the link that’s helpfully going to deliver you your important message, and get presented with a screen asking you to log in – Microsoft cares about your security, and doesn’t want any old user to be able to access this important email. But the problem here is that it wasn’t Microsoft at all… It was a scammer who now has your email log-in details. They might have sent you an email saying that HMRC owes you money, so you need to enter your details and quickly claim! Or the old but gold: The Nigerian 419 scams. “I’m trapped in this country, I have a million billion pounds in gold or some other precious asset, send me £10,000 and I’ll give you half of it!”.
Unfortunately, generally speaking this type of thing just doesn’t happen in the world, so you’re best off ignoring them.
If you’ve been caught in a phishing scam and don’t have your own IT team – get in touch with me immediately at 01636 681110 or enquiries@jalapeno.is
