Social Engineering: How Do People Trick Other People About Computers?

“Social engineering” is using information about a person to get that person to trust the attacker. This can often include exploiting someone’s willingness to help or get help:

  • “Phishing” involves sending fake information (usually an email) that looks legitimate. “Spear phishing” is a highly sophisticated version of it that targets one person, usually with plenty of personal information.
  • “Pretexting” uses subtle appeals to reliable sources to gain the target’s trust (“I’m from the FBI…”).
  • “SEO poisoning” uses illegitimate techniques to rank higher on search engines (“search engine optimization”) to get people to go to the attacker’s website.
  • “Something for something” is giving something (usually free) to someone in exchange for their information.

Social engineering hackers are often very patient. They’ll spy on someone for weeks and months to check for the following:

  1. Something of value they can theoretically attain.
  2. Routine behavior that they can exploit.

“Ransomware” is software designed to block off information until someone pays money. Because the money is transferred through cryptocurrency, the transaction can be difficult to trace.

“Malvertising” is advertising designed to look like another legitimate product, but is actually malware.

Identity Theft

Typically, in a modernized society, hackers only need very few pieces of information to authenticate themselves as someone else:

  • Someone’s full name, date of birth, and social security number are enough to fraudulently get a new credit card, get insurance, secure a loan, and many other activities.
  • A few pieces of information from social media can be enough to guess the answers to someone’s password security questions.

“SIM swapping” is when a hacker takes over the two-factor authentication tied to a phone number by using fraudulent information to get the cell carrier to migrate that phone number to another phone.