Cybercrime, like regular crime, appears in a variety of forms. There are direct violations, such as the unauthorized hacking of an account, and there are more subtle varieties, such as posing as a Facebook friend, that involve tricking victims into unwittingly handing over their sensitive information. The latter form of cybercriminal activity is known as “social engineering.” While the term is not specific to internet crime, it is often used in regard to cyberattacks because cybercrooks have mastered these techniques as a means to perform a host of unlawful online actions.
In basic terms, social engineering is a way to manipulate people into divulging confidential data. The term, as it relates to computer crimes, was popularized by former hacker Kevin Mitnick, who discovered that it was much easier to trick a victim into unwittingly providing his password than to spend the time and effort to hack into an account. Mitnick, now a computer security consultant, was the most wanted cybercriminal in the U.S. at the time of his arrest in 1995. The reformed hacker has admitted that social engineering was the most effective method he employed during his extensive cybercriminal exploits.
When Mitnick began his hacking career, internet crime was still in its very early stages; for example, the young cybercriminal used social engineering to bypass the punch card system of the Los Angeles bus system and to manipulate phone lines in order to receive free long distance calls. These days, as cyberattacks become more prevalent and sophisticated, there are many more opportunities to use social engineering techniques. Social networks in particular provide ideal forums for such methods as the platforms connect friends and acquaintances. Since users trust other members of their networks, hackers use the system to their advantage. For instance, by breaking into an account and spamming the victim’s friends, cybercrooks can trick other victims into clicking on malicious links infected with malware.
While social networks are one of the most common popular platforms for social engineering techniques, these methods have been applied to all types of cybercrime. Phishing schemes, used to fraudulently obtain confidential information, are common scams that use such tactics to dupe victims. Typically, in a phishing scam, a cyberthief will send a fake email that appears to come from a legitimate institution, such as a bank. The email will alert the victim of a security alert, prompting him to enter his sensitive data, such as an ATM pin, into a false webpage that is controlled by the cybercrook.
The cybersecurity landscape is constantly evolving; therefore, social engineering techniques, paired with network vulnerabilities, provide ample opportunities to steal sensitive information. As internet users continue to reveal more of their personal data on sites like Facebook, social engineering is sure to become an even more popular device for hackers and cybercriminals. As a result, users can no longer trust every online interaction or message they receive. Be alert and avoid the common traps that cyberattackers employ.