Social engineering in hacking: common methods and protections

In the technical domain, the word “hacker” has been in use since around the late 1950s. MIT’s computer enthusiasts used it as a label for someone with technical prowess who could apply it to solve problems creatively.

Today, “hacker” is a term with dark connotations. Hearing it, most people imagine a sinister person looking to cheat someone out of money, property, data, or identity. Sadly, in the eye of the general public, this image is mostly justified.

Nowadays, though, this sort of hacking with malicious intent requires less technical prowess and more social engineering skills. In the context of cybersecurity, social engineering refers to manipulating individuals into spilling confidential or personal information or performing actions that breach security. This article, which is the next installment of the “Cybersecurity for the masses” series, outlines common social engineering methods used in hacking and explains how you can protect yourself against those who employ them.

Common social engineering attack techniques and how to protect against them

Phishing. This one’s probably the most widespread of them all. Typically, phishing involves fraudulent emails or messages that appear legit; usually, they either trick the recipients into revealing confidential information directly or send them to a page that collects it.

How to protect yourself against phishing?

  • Learn to trust anything and everything online less. Even if you receive a message that you expect, double-check the address it was sent from for intentional typos and other inconsistencies.
  • Use advanced email filters and anti-phishing tools. Many good online email services have them, and they are available to individual customers and businesses alike.
  • Enable multi-factor authentication for all accounts that are in any way critically important. If you do fall for a phishing scam, this second line of defense may hold.
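The first tip above, checking the sender's address for intentional typos, can be partly automated. The following is an added example, not code from this article: the `TRUSTED` list, the character-swap table, and the sample headers are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): domains you really correspond with.
TRUSTED = ("example-bank.com", "paypal.com", "microsoft.com")
# Character swaps often seen in typo-domains, undone before comparing.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Map look-alike character sequences to the letters they imitate."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def check_sender(from_header, trusted=TRUSTED):
    """Classify a From: header value; returns (verdict, detail)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("suspicious", "no parsable address")
    domain = addr.rpartition("@")[2].lower()
    if any(domain == g or domain.endswith("." + g) for g in trusted):
        return ("trusted", domain)
    # Punycode or raw non-ASCII labels can hide homoglyphs: inspect by hand.
    if not domain.isascii() or any(l.startswith("xn--") for l in domain.split(".")):
        return ("suspicious", "internationalised domain")
    for good in trusted:
        # One typo away (after undoing swaps), or trusted name used as a prefix.
        if edit_distance(skeleton(domain), skeleton(good)) <= 1 \
                or domain.startswith(good + "."):
            return ("lookalike", good)
    for good in trusted:
        # Brand in the display name, but the mail comes from somewhere else.
        if good.split(".")[0] in display.lower():
            return ("display-name mismatch", good)
    return ("unknown", domain)

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for h in ("Alice <alice@paypal.com>", "PayPal <service@paypa1.com>",
              "billing@rnicrosoft.com", '"PayPal Support" <help@secure-pay.example>'):
        print(h, "->", check_sender(h))
```

A "trusted" verdict only means the domain is spelled correctly; a From header can be forged, which is what the provider-side filters in the second tip are for.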

There is also “spear phishing,” which is a highly targeted attack custom-crafted to a specific individual. In addition to the regular phishing safeguards, preventing spear phishing attempts requires staying vigilant and reasonably secretive about your affairs related to sensitive information.

Smishing and vishing. These are related to phishing, but they reach the target through more private channels: text messages (smishing) and voice communication (vishing), which are usually perceived as something more personal. Consequently, when successful, such attacks can have even more devastating results.

How to protect yourself against smishing and vishing?

  • A message (text or voice, doesn't matter) or a call from an unknown number is a red flag situation, always. Act accordingly: don’t pick up, or don’t trust if you have to pick up.
  • Never share confidential information via phone or text unless it was you who initiated the contact, and the recipient’s identity has been confirmed.
  • In many situations, it helps to be upfront: just tell the person calling/texting you about the lack of trust, and gauge the reaction.

Smishing and vishing schemes, like phishing in general, often rest on a foundation of pretext, a plausible scenario designed to trick you into revealing information or performing the required actions. To mitigate the risk of being fooled under a seemingly legitimate pretence, double-check the components of the scenario with a third party, never be hasty to text back, and employ the “I’ll call you back” technique (redial the number digit by digit, too; don’t simply tap it in the calls menu).

Tailgating. Originally, this technique belonged to the realm of corporate espionage. It involves a malicious actor posing as a harmless worker bee (a water guy, or a low-level IT consultant) and following an employee into a restricted zone. Modern-day scammers have transformed this technique: they may suggest you install software that shares your screen to help you with something techy, and piggyback malware along with that program into your computer.

How to protect yourself against tailgating?

  • Again: don’t trust anyone who wants to install some app on your computer.
  • If you do need screen-sharing or remote access software, get it from an independent source (like Informer’s catalog).
  • Do not hesitate to ask for as much information about the person you’re talking to as possible, down to a picture of their driver’s license. Unwillingness to confirm the identity equals a raised red flag.

Honeytrapping. This scheme, often employed together with spear phishing, exploits the victim’s desire to scratch the romantic itch. It is ages old, but where the scam once required outstanding acting skill from the wrongdoer, nowadays an AI can deliver as much romance-infused content (textual and visual) as needed to lure someone into an online affair and ultimately have them reveal important information, install malware, or do other things with dire consequences.

How to protect yourself from honeytrapping?

  • Triple-check the honey offered. Better yet, refuse it straightaway.
  • Never chitchat with a paramour on the device you use to log into essential systems (like online banking).
  • Be skeptical when asked to move the conversation to a private channel.

Honeytrapping is a scheme that relies extensively on AI and deepfakes, which calls for a mild degree of paranoia in any case where even slight suspicion is justified.

All in all, social engineering nowadays is an ever-evolving element of hacking that leverages the weakest link in cybersecurity — the human factor. Combating it requires vigilance and critical thinking, plus a disciplined approach to everything critically important, essential, and sensitive.

Stay safe!
