Beware of Social Engineering!

December 6, 2022

What is Social Engineering? Is it a branch of Engineering? Is it taught in engineering colleges?

No. Social Engineering is the strategy / “tricks” used by scamsters to target the psychological instincts of common people so that they become lax or less cautious and commit serious information security mistakes. Examples of these mistakes are visiting malicious sites and parting with login credentials such as user-id and password or any sensitive / confidential personal information. The psychological vulnerability that these criminals play on could be greed, windfall gains, jealousy, curiosity, charity, ego trip, or fear.

Social engineering contrasts with hacking, or accessing personal / sensitive information by exploiting security lapses in computer systems. Unlike hacking / planting malicious programs by taking advantage of weak security in a computer’s operating system or in software / databases, social engineering tries to manipulate (i.e., “engineer”) human emotional reactions and get the information / data from the individuals themselves. Hacking is an intrusion into computers; social engineering is an intrusion into the minds of the targets, conditioning / tricking them into acting without suspicion, endangering the computer, and handing sensitive / confidential information to the scamsters.

To give an example from day-to-day life, if a person asks for your date of birth, you may be hesitant to disclose it. However, if the businessman asking for your date of birth mentions that he needs it to send personalized “offers” to you on your birthday, you may disclose it without hesitation. But the fact is, you are handing over sensitive personal information, because date of birth itself is part of the login credentials for many web sites. There are many similar examples where people extract personal information using ruses / tricks that appeal to the weak points of the human mind. The same phenomenon is found in the digital world also, and is known as “Social Engineering”.

As people spend more time in the “internet world”, the chances of being targets of social engineering “attacks” by scamsters increase, just as the chances of robbery, cheating or theft increase if a person constantly moves around in a place with teeming crowds all around. In both cases you are dealing with people whom you do not know.

There are ways in which “social engineers” keep looking for “prey” on the World Wide Web (www). They are constantly on the prowl, launching “attacks” on users. These attacks themselves may be staged through computer software on a large number of “prospects”. The attack could come in the form of SMS, WhatsApp, email, phone, chats or as a pop-up while surfing the net.

Unfortunately, most human beings will be happy to “receive something without paying”. Most social engineers exploit this weakness by offering something very cheap or free. Just look at this SMS: “Watch Football World Cup 2022 without paying subscription, click this link to accept the offer”. This is a “bait” to which many people might succumb. The link might cause your computer to crash / malfunction or it might plant malicious software on your mobile or laptop. A similar technique is messages / emails informing you of “beautiful singles near you” and asking you to follow a link or leading you to a malicious / suspicious web site.

Scare mongering is another technique used by social engineers (scamsters). A sudden pop-up message raises a scare that “your computer is infected. Click here to clean and save the data”. This is a false alarm, but out of fear and concern for your computer / mobile, one might heed this advice. Instead of cleaning the system of malware, the process might scour your system and steal all confidential information.

Another scam to extract information from the gullible public is job sites. There are many job sites where hundreds of job openings are put up. Unemployed aspirants will register themselves and fill in an online “application”. They will give out all their personal information to the cheats hiding behind the “job site”, in the hope of getting a job. Many such fake job sites ask the prospects to fill in their legal name, full address, phone number, email, date of birth, PAN number and many more details. In reality, the job site might just be a ploy to collect this information and use it for nefarious purposes. Romance / dating / escort sites are also surrounded by scamsters looking for guinea pigs.

Many times, users get messages asking them to perform an action and giving a link to a site / redirecting to another web site. The site shown appears genuine. The email / pop-up message exhorts the user to perform the action urgently, with hints of inconvenience or risk if it is not acted upon. For example, a user might get a message stating “your KYC details are out of date. Pls login to bank site and update”. The user might log in to the fake site, duly typing his bank user-id and password (the fake / clone site is programmed to accept any user-id and password). He will update the KYC details on the clone site and, in the meanwhile, the scamsters have stored his login-id and password, which they can use to enter the real bank site and siphon off the balance in the account. In another example, a person is navigating a betting site when suddenly a pop-up appears saying “Your web activity is punishable offence. Pay the penalty” and redirects him to a site that looks similar to a Government site and prompts him to enter his credit card details for recovery of the penalty. This is an effort to impersonate and generate fear psychosis in the user.

It is important to note that social engineering is not just a feature of the internet; it is possible to receive these “attacks” through phone calls also. Remember the callers claiming to be from the “bank” and saying “Your ATM card has been blocked…pls give details so that same can be unblocked.”

There are many other techniques in vogue by which scamsters try to extract information or make the user commit information security lapses, infecting the computer with a virus or resulting in data theft.

Some of the ways in which you can make yourself less prone to social engineering attacks:

Have a good and updated anti-virus protection for laptop / mobile.

Do not click on links or download files sent by unknown entities.

Any message (SMS / chat / email / voice call) asking you to do something urgently or offering something too good to be true is suspect.

Never entertain “technicians” who come to your doorstep (without your request) to speed up your internet, claiming to be from your Internet Service Provider (ISP).

Never share an OTP with anyone.

Opt for two-factor authentication (e.g., password as well as OTP) for logins.

If you receive any call or email claiming to be from the bank, please call the bank by phone and double-check its genuineness.

When you are dealing with unknown, unseen entities, the best way is to be cautious and circumspect, and not to fall victim to the mind tricks of criminals / impersonators.

It is better to be circumspect and safe than to trust easily and get conned by confidence tricksters.

Beware!

By B K Murthy
Comment on this article

  • Daniel, Mangalore

    Thu, Dec 08 2022

    Need to beware of human hacking by these elite? Dr. Yuval Noah Harari talks about how humans are now “hackable animals”, no longer subject to the intelligent design of “some God above the clouds, but our intelligent design…” his 6 minutes video on it at... https://zeeemedia.com/interview/transhumanism-klaus-schwab-and-dr-yuval-noah-harari-explain-the-great-reset-transhumanism-agenda/

  • k b r, Mangala Uru

    Wed, Dec 07 2022

    Social Engineering is practised by politicians and businessmen too, playing on emotion to garner votes/sales.

  • Daniel, Mangalore

    Wed, Dec 07 2022

    Good information. But global big bankers or eugenics globalist elite, BigTech and communist China also behind this, is the question by keeping few loopholes or vulnerabilities for future control of masses? Take example of credit card evolution. After swipe, chip on credit card then RFID chip for contactless transaction in the name protection from viruses so to do away much currency notes or for digital transactions. Finally credit card will be totally eliminated with rice size chip in the body (hand or forehead) in the name of safety against loss, misplacements and security. This is again mostly to enslave most of humanity. If one goes against their global climate change guidelines (Carbon footprints) or communist social credit system for bad behaviour, this chip can be programmed such a way either to disable access to bank account. What and how much one can buy, where one can travel mostly to starve people for compliance or total control. Already they have all single ID data. Recent covid looks like to enforce this worldwide with vaccine status, Covid Pass red or green. Now digital currencies, all linked to Aadhaar card or similar single ID card. Finally all details in Single microchip for elite and communist global state control. These wars, future climate change fossil fuel shutdowns to weaken economies of nations, pandemics, global Digital currencies for their WB, IMF unpayable loans. 5G, AI, Horus eye advance surveillance system in the name of smart cities all these mostly for control masses worldwide. Then their more pandemics for Bill Gates' nano high tech mRNA Vaccines or slow depopulating injections to reduce elderly first and most for better communist state control. Klaus Schwab call this as Global Reset or 4th Industrial revolution or UN agenda 2030 or communist New World Order. So these so called hackers, data stealers, scammers, terror groups' main sponsors are or if eugenics elite and communist China behind this, it is not surprising!!
    Advance technology is very good but looks like these using for their gain and control.

