What is Social Engineering? Learn How Hackers Change Their Identities
Social engineering is where hackers try to disguise themselves as someone you know to extract information from you. This could be something as simple as a family member emailing you to ask for money or someone from a bank requesting your password for verification purposes. To help you avoid the crafty techniques hackers employ, here are some ways they try to trick you and how to identify what’s real from what’s fake.
Social Engineering: The Emotional Appeal
The emotional appeal can take many forms. Often, it’s transactional such as receiving an email from “iTunes” for a purchase. If you have an iPhone, this might seem legit but this is where you need to examine the email.
Often, the email contains details of the transaction including date, time, amount, and where your “payment” went. It also provides a link to learn more about this transaction. The problem with this is it appeals to your emotions. After all, if you received an email from iTunes, then it’s easy to want to react quickly because you think someone has stolen your login and payment details.
However, this isn’t the case most of the time. Study the email for any inconsistencies. One of the most common, as it relates to Apple Music transactions is they’ll place an exclamation point after the word music. A simple Google search reveals Apple Music doesn’t have an exclamation point following it. Furthermore, if you receive a transactional email such as this, check your bank account first. If it isn’t on there, then signs point to it being social engineering.
Another way hackers try to lure you to click on attachments or links is by posing as someone close to you asking for money. They might even include a story about how they have a medical condition, need their car repaired, etc. And all you have to do is to click on the link to donate to help them.
Naturally, this is going to sound appealing to some, especially if you want to help. But before you click the link and supply your banking information, take a moment to do some more homework. Is the email coming from an account you recognize, and why would they ask you online instead of calling you?
Speaking of calling, this is a surefire way to discover the truth. It might be an awkward ask but it gets to the heart of the matter quickly.
Social Engineering: The Techniques
Though we highlighted some of the methods hackers used above, there are others that require further inspection. One of the more difficult ones to weed out concern emails.
The reason is when you compose an email you can change the “from” field to anything you want. In addition, finding legit looking email addresses is easier than you think.
Simply, if hackers want access to company data they’ll look up your business’s website. Often, these websites contain information about who works there along with their email address. And once they know how the company formats email addresses, they can alter theirs to make it appear you are receiving it from a colleague.
How do you tell the difference? As with transactional messages, gloss over the details. Look for clues as to what they are asking. Often, this starts with building rapport because once the hackers have it they think you won’t pay close attention to the messages and comply with their requests when they come.
Once they ask for something specific, verify this with whomever they pose as. Be sure to call the person since you don’t know if their device is compromised. And if it is, hackers can just as easily mimic text messages too.
There are other techniques hackers use as well that we will get into next week. For now, if you feel you’ve become a victim of malware deployment and you cannot access your files, the team at Outsource Data Recovery can help. Using the top of the line industry insights and state of the art equipment, we conduct recoveries in a secure and expedient manner. Contact us today to learn more about our services.