What is behind almost every successful hacking attack?
If you guessed Social Engineering you would be correct. Social Engineering is behind almost every successful hacking attempt on businesses across the country.
Social Engineering has been updated over the years, and although terms such as “phishing” and “smishing” are used to describe specific tricks, they always rely on human interaction to work.
Here are the seven deadly sins according to Professor Alan Woodward at the University of Surrey.
Apathy – We fall for a confidence trick, or worse, because we assume that those around us, or the coffee shop, or our business network IT professionals must have taken all the required steps to keep us secure.
When we stay in a hotel, according to Dr. Woodward, we program ourselves to trust the room safe to keep our belongings safe, but how many of us check to see if the manufacturer’s override code has been left programmed into the safe? It is almost always 0000 or 1234; check it out next time.
Curiosity – According to Dr. Woodward, humans are curious by nature. It is this curiosity that often leads to many casualties. Criminals know we are curious and they try to lure us in. When Aunt Jenny sends us pictures of her cat, we are curious and want to see how the kittens look, even if we don’t have an Aunt Jenny. This leads to a trap just waiting to be opened. In a recent test, website programmers built a website with a button stating “do not press”. They were shocked to see the number of people who clicked on the “do not press” button. Always practice a degree of suspicion.
Gullibility – We all suffer from being gullible. We take others at face value, especially those outside our areas of specialty or expertise. When someone puts on a uniform, we assume they have authority, or if they have an official logo or appearance, we just may fall for their instructions, no matter how silly they seem to be.
Courtesy – We teach our children to be polite. However, politeness does not mean you should not discriminate. If you get that email or Twitter post and it doesn’t feel quite right, ask. We don’t believe someone when they call us on the telephone saying they are from our bank, do we? Most of us call the bank back to verify or at least ask verification questions to confirm their identity. The same should hold true online.
Greed – Despite our upbringing, we are all susceptible to greed, even though it may never feel like greed. Since the early days of the Internet, the very culture of the Internet has been to share items, many times for free. During the Internet commercialization era of the mid-’90s, many of us still had the mindset of getting something for nothing. Nothing is ever truly free. Keep in mind: if you are not the paying customer, you are very likely to be the product. Hackers use computers to distribute malware that uses your computer cycles to share spam or spread the malware.
Diffidence – Many of us are reluctant to ask a stranger for identification, and online it is more important than ever to establish the credentials of those you entrust with your confidential and sensitive data. One of the biggest scams in 2012 was the “fake Microsoft support” or “your computer is causing problems on the Internet” call. Have they really called everyone else in the building before determining that you are the problem? If someone has a challenge proving who they are, turn around and run.
Thoughtlessness – Think before you act! This is the most effective way to protect yourself online. If it is too easy to click on that link, stop! It is so easy to make links appear valid in an email, and to the untrained eye, everything looks above board. Your bank, cable company, insurance rep or mortgage holder will never email you without calling first. Practice ABC according to Prof. Woodward:
- Assume Nothing
- Believe No One
- Check Everything
More and more people will be going online over the Christmas season, and so will the criminals. Watch out for those who plan to exploit these deadly sins that Prof. Woodward shared in his BBC article.
Remember that a little paranoia goes a long way online.