What is Social Engineering and How Can You be More Aware of this Attack that Hackers Use?
Have you ever wondered why police officers, customs agents, military personnel wear uniforms? Well, it obviously makes it easier for an individual to identify them, but it also represents a certain level of authority and respect. When you see a police officer and/or customs agent, you automatically give that person a certain amount of authority in the sense that they can make requests from you that a person not representing that authority cannot.
We have all had requests to see our identification, etc. from these authority figures. How many of us ask for that individual to prove that they actually have the authority to request that information from us and what is the purpose of their request? I’d say, not many of us if I am guessing. The reason is that we have kind of an instinctive need to trust that people mean well and are not misrepresenting themselves i.e. in this case falsifying their authority.
Is This Really Security or an Imposter?
Fooled by Instinct!
Because we have this instinctive trusting approach, it makes Social Engineering attacks so potent. A person with malicious intent will in many cases pose as these trusted and respected authority figures. They can also pose as benign figures such as maintenance people, cleaners, or other characters that kind of fly under the radar and doesn’t raise any red flags in our mental trust center (no disrespect to anyone in those careers). Their intent could be to gain physical access to a restricted area e.g., company offices, to plant a malicious device, steal devices or steal physical documents. They could also aim to gather sensitive information from you through a series of questions.
Is Trust but Verify Correct?
It’s difficult to go against our nature of being trusting to being somewhat skeptical. There is a common saying in many fields and it’s this “Trust but verify”. Logically this is wrong in my opinion because if the trust is given before the verification, then the damage could already be done by the time verification arrives. I am not here to tell you how to think, but in the context of corporate and other areas of our lives, I believe the saying should be “Verify then Trust”. If we follow this “Verify then Trust”, we are less likely to become victims of Social Engineering.
I hope you enjoyed. Until next time...