We have all heard the stories on the news about major companies being hacked, data breaches, electronic fraud, identity theft etc. It is the norm nowadays since everything is so connected. "Social engineering" is something that dates back to the early days of hacking. In fact, Kevin Mitnick is the famous hacker that used this method when he was only 15.
But what is "Social Engineering?" It is simply the ability to make a person believe a lie to coerce them into trusting that someone has their best interest in mind and they are here to help you, when in fact they are trying to steal from you. This could be a file on your system from Turbo Tax, the passwords for your banking site that you told the browser to always remember, infect your system to launch a multi-headed attack against a large company DDOS (distributed denial of service) or participate in a large botnet to send spam. The list goes on and on.
From the reports that I have seen recently, there is an uptick in these attacks by calling people on the phone and informing them that they have an issue with their Windows machine and the caller is here to help. They will usually tell a person to go to a website and download an application that will give them complete access to your machine so that they can remotely assist you in removing this malicious application, when in fact they are going to install one without your knowledge. One type of these applications is called "Ransomeware." This application makes your data unreadable without a password and the hacker demands money to give you access to your files again. Even if you pay, it is unlikely that you will gain access to your files again as they have achieved the goal and just move on to the next victim.
So what can you do? Pretty simple: hang up if you get one of these calls! If you are at all concerned, let them know that you are calling the company directly to verify. Usually, if you express resistance they will reveal themselves with insults and hang up on you.
Next installment: Phishing VS. Spear Phishing.