Social engineering in cybersecurity: The Evolution of a concept

In cyberspace, social engineering is called hacking the human OS. Here at Tech News Hub, we always want our readers to stay up-to-date with the most recent cybersecurity

developments. Social engineering is harvesting people’s private information in an unprecedented way and using the harvested data in many unethical ways. This information can be ATM pins, mobile or computer passwords, company sales data, a simple thing like a birthdate, and so on.

A simple concept to lure victims

Suppose you’re in line for the copier machine and a lady came in. She told everyone that she has only 5 pages to copy and was in hurry. Now, most of the time people are nice and would let her copy first. Also because she asked nicely. But someone with 2 pages to copy was in line. She used the word “because” and it clicked their brain as if it was an actual emergency. Social engineering works in a similarly convincing way.

There are four major methods for social engineering. They are:

• Blagging or pretexting

• Phishing

• Pharming

• Shouldering or shoulder surfing.

Let’s go through them one by one and learn their fundamentals.

Blagging

A blagging scenario is created when the victim is being convinced to give out sensitive information like birthdate, pet's name, and answer to questions that may gradually buildup into enough information to crack a personal account. It may be a social media account or banking. Most of the time, the scammer takes up a false identity and calls the victim. Pretending to be of someone with authority, giving false hope of providing help. People falling for this trap are not informative on how these tactics work or up-to-date with privacy measurements.

Phishing

The word phishing sounds just like fishing and the format is quite similar. The purpose of this attack is to lure victims to click on suspicious links. On the other side, the hacker has total control over the input that the victim types out with the keyboard. Whenever the victim clicks on the suspicious link and types in their password or other sensitive information, they get hacked. Sometimes hacker takes control of victims device and causes unpredictable crimes. It has the potential for the victim to lose everything. A trusted company will never send out links that look suspicious. It will be professional and domains will have Google or other top certified vendor's approval. If it is a link that looks suspicious simply avoiding it or opening it on a different browser incognito mode. And don’t put out your password on any other sites, rather just search for it and use that. Simple precautions are necessary to stay safe.

Pharming

Pharming is the combined result of phishing and farming. Here the attacker sends a mass email to users around the web, in the hope some may fall victim. On the other hand, the pharming method is very advanced. Duplicates sites are controlled and hosted by attackers. It is a mirror lookalike. It can be of a bank, or hospital, or office page. The victim tries to use the website and puts in credentials. Hackers take them and utilise them in different manners. Cracked SSN, credit card numbers are sold on the dark web every day. In 2016, Russian hackers managed to get hold of top democrats’ email addresses, according to The Guardian.

To stay safe from pharming attacks, always check the website link before using it. It can track IP, clicks, and what a victim is seeing on their screen in real-time. Secure sites don’t track this kind of data. Clicking on the lock icon beside the URL’s reveal what the site is using and certificates attached to it. Unsecure or false sites don’t have those as every address is unique.

Shouldering

Shouldering or shoulder surfing is the method of peeking or gazing at a target to steal their credentials. On the bus, plane, and even on the ATM line, someone can get shoulder surfed. The attacker could be someone sitting next to a victim who’s going to enter a security pin or password. Some shouldering methods are so advanced that attackers read shoulder and arm movements to guess the victim's password. We suggest not to pull out the company sales chart next time you’re in public even in a park. Someone like a competitor may be trying to pull the data causing the victim or company a disadvantage.

Social engineering has been with us for a very long time. It is still pretty unpredictable. During the pandemic, covid put us in a position of social distancing and now that threat has now passed, we must now utilise what we learnt there and what we did to keep ourselves safe, to keep our devices safe into the future.