Social Engineering — Account Hacking Technique & How To Fight It

Damilare D. Adekunle
Aug 2, 2020

I was in a programming class, and my lecturer was sharing with us how he made money from social engineering. I had never heard that term until then, yet it was all around me, and it is still very much around to date.

When you hear the term hacking or hacker, what comes to mind? A guy in a mask, typing fast on a keyboard, in front of a screen with an endless array of 0s and 1s? Hacking entails any activity that attempts to gain access to digital devices, like computers, phones, tablets, and even internet connections and networks. You know this already, right?

So, what’s the relationship between social engineering and hacking?

Social engineering is a form of hacking. Contrary to our traditional picture of the guy in a mask, it entails the use of psychology to deceive users into revealing personal details or clicking on malicious links, emails or software.

Going back to the story of my lecturer, a company that just upgraded their security systems invited him over to attempt to hack into it and he was going to be handsomely paid for that. Don’t be surprised. Companies who are doubly sure of their security often invite hackers to attempt to hack into their system. In fact, Apple once offered a sum of one million dollars to whoever could hack an iPhone at that time.

When it was time for my lecturer to begin the activity, he and the director left the company’s building. Shortly after, he ran back into the building and told the secretary that he needed some login details to quickly do some work. She gave them to him, and that was the end of the activity. Zero stress, zero keystrokes, no mask involved, but security fully penetrated and possibly compromised, and he was rewarded handsomely for that.

How Social Engineering Affects You

Over the last one to two years in Nigeria, there has been a rise in the hijacking of social media and instant messaging accounts by hackers, who then impersonate the victim and trade on the victim’s reputation to extort money from the victim’s close contacts. Here’s an example of how it plays out on WhatsApp. Someone attempts to log in to your WhatsApp account. WhatsApp sends you a verification code to move your account to another phone, and this person immediately calls you, pretending to be an employee of WhatsApp, and requests the code. This strategy was used until people started using Two-Factor Authentication (2FA).

With 2FA, you needed a special security code to have access to a new account. Sounds very secure, doesn’t it? However, hackers found a way to bypass it on WhatsApp. Rather than attempt to log in to your WhatsApp account on their device, which would require 2FA, they decided to change the WhatsApp number, which is more threatening than the former and which usually bypasses the 2FA.

I know about incidents like this for Facebook accounts, Instagram accounts and debit card details. There are even many failed attempts whose audio recordings went viral. With social engineering, the hacker attempts to collect your personal details by appealing to your emotions. And some end up succeeding because of varying levels of emotional intelligence in people.

To avoid being a victim of social engineering, you must know, and remind yourself again and again, that a PIN is private. PIN is, in fact, the acronym for Personal Identification Number, meaning that the number is private to you. Hence, any form of PIN or password should not be shared with a third party under any circumstances. Customer care agents of companies will hardly ask you for a PIN before rendering you any form of assistance. If you therefore receive any such call or request, a hacker is trying to play on your intelligence.

We might continue to see a rise in social engineering because our personal data is flying all around the place, and a little information about you, shared with you by a hacker, might sound convincing enough to support their claims of wanting to render you some form of help. We must always be on guard to spot this trick as soon as personal information like a password or PIN is requested. I hope you found this enlightening!

Originally published at https://damilareadekunle.com on August 2, 2020.

Damilare D. Adekunle

I design for humans! Product Designer at Data Friendly Space (DFS).