Social Engineering - I Love You With Hidden Agenda

We have heard so much about hacking of systems, accounts, organizations and so many other situations caused by a breach in security infrastructures. 


In response to this threat, companies around the world are projected to invest over 150 billion dollars on IT security projects in 2017 in an attempt to protect their businesses.So why, despite these large investments, do we often constantly see large companies with strong IT systems suffer from service disruptions and leaked information? the answer lies in the persuasiveness of Social Engineering! According to Kevin Mitnick, described by the US government as one of the most dangerous hacker in the world, the cause of this could be because “it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system” (Alvin Cheung ACC 626).



Social Engineering, according to Mitnick, is the use of influence and persuasion to deceive people into divulging information. in the past we have heard so much of the infamous Nigerian prince as used by some fraudulent Nigerians called "yahoo yahoo". the secret is to be your friend, socialize with you and make you comfortable with them. Once they win your trust the exploit begins. This is the method these guys have been using against foreign folks for years. Taking advantage of the vulnerable old widow or the vulnerable young woman who just had a broken relationship or the want to get rich quick young man. In most cases they act like they are from other countries other than Nigeria. and yes identity theft is one major tactic they use in achieving this.




Another dangerous aspect of social engineering is taking advantage of company's employees, socializing with the sole hidden purpose of getting information or password that might allow this attackers or hackers get access to the target organization, either physically or remotely via the internet, compromising the security infrastructures in place. once they are in all sorts of activities from financial theft to propriety theft to important information that might be used to blackmail such organizations. in other to prevent all these from happening it is advisable that organization conduct ICT training from time to time, enlightening them on some of these methods used by hackers and for them to report any questionable activities they might encounter while carrying out their daily job activities. Ignorance is a weakness knowledge is strength!


No comments:

Post a Comment

Intel Tiger Lake CPUs to come with Anti-Malware Protection

Intel’s Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks. I...