What is social engineering?
Social engineering is the use of deception and manipulation to obtain confidential information. It is a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it.
In anti virus computer security software, social engineering is generally a hacker's clever manipulation of the natural human tendency to trust. The hacker's goal is to obtain information that will gain him/her unauthorized access to a system and the information that resides on that system. Typical examples of social engineering are phishing e-mails or pharming sites.
Examples of social enginering
One example of malware using social engineering tricks were the Japan Earthquake scams that have been discovered in March 2011. In one of these cases, scammers were spreading malicious links to “dramatic” videos of the disaster. So, when you searched for news on the earthquake or tsunami you ended up clicking on a link that actually downloaded malware onto your PC or took you to a phishing site that asked for personal information. In addition to sending spam emails and poisoning search results with dangerous links, cybercrooks are also posting donation requests and links to malware on social networking sites. Therefore, you could have your money and credit card, as well as your identity information, stolen.
Another example is the Tax Related Identity Theft Scams. Cases of stolen tax returns have surged over the past five years, leaving many identity theft victims struggling to recover their lost refunds. Approximately 155 million tax forms are filed annually. This provides identity thieves with an opportunity to steal from Americans who are just trying to pay their taxes correctly. A recent Scripps Howard News Service investigation analysed more than 1.4 million ID theft records from the U.S. Federal Trade Commission from 2005 through early 2010. In it they found that fraud complaints about stolen tax return-related identity theft jumped from 11,010 complaints in 2005 to 33,774 in 2009. That’s nearly 300%.
Attacks on the rise
Despite increases in the number and capability of botnets for distributed denial of service (DDoS) attacks, social engineering remains one of the largest cyber security threats to IT infrastructure. Throughout 2010, experts witnessed various attacks that used the two most popular social networks - Facebook and Twitter - as launching pads. In 2011, not only will hackers continue to use these networks, but it is predicted that they will also be used more for distributed attacks.
