Date: 2019-12-17 | By Anil Rachamalla | Published: 12:10 am 10:35 pm

Hacking the human mind is much easier than hacking a computer or business. Attackers prey on human weaknesses like fear, greed, trust, desire, ego, sympathy, ignorance, carelessness and haste. Hacking is a growing menace and these insanely easy social engineering tactics can result in a major security breach.

Show these tips to your friends and family members so that no individual or business becomes a victim of a hacker. The two basic types of social engineering tactics are phone and digital.

Phone:

Here are a few common tactics used by hackers to deceive, gain trust and get information over the phone.

Panic: When someone calls you pretending to be from support and presents a frantic scenario that compromises your safety (like resetting your password or allowing remote access).

Anger: When someone calls you pretending they are in a position of authority (like an executive or manager) and uses anger to intimidate.

Donations: When someone calls you disguised as someone from a known organisation you might be interested in (political, university, disaster relief, NGO etc.).

Vishing: When someone calls you with a pre-recorded message pretending to be your bank and asks you to call a number to confirm your account and transactions.

Smishing: When someone sends you a text message to lure you into a specific course of action. Like phishing, it can be clicking on a malicious link or divulging information.

Juice jacking: When someone offers a charging port that doubles as a data connection, typically over USB. This often involves either installing malware or surreptitiously copying sensitive data from a smart phone, tablet, computer or other devices.

Digital:

Here are a few common tactics used by hackers through email, websites and social media.

Pretexting: When someone sends you an email with a domain that looks trustworthy and an address of a known contact from that domain. Often there is an attachment that contains malware.

Phishing: When someone publishes a fake website that mimics a brand and service to gain your trust. These websites will request information through forms and offer downloads containing malware.

Social Media Phishing: When someone creates a social media page identical to a trusted brand. The account will try to publish relevant content that persuades you to click and download a malicious file.

Reverse Engineering: When someone executes a minor attack on your computer to expose vulnerabilities, and contacts you offering to ‘fix’ the problem.

Quid pro quo: Quid pro quo means something for something. It is when someone calls random numbers at a company and claims to be calling back from technical support. Eventually the person will hit someone with a legitimate problem who feels grateful that someone is calling back to help them. The attacker will ‘help’ solve the problem and, in the process, have the user type commands that give the attacker access to launch malware.

Baiting: Baiting is like the real-world Trojan horse that uses physical media and relies on the curiosity or greed of the victim. In this, attackers leave malware-infected USB flash drives in locations where people will find them (bathrooms, elevators, sidewalks, parking lots, etc.), give them legitimate and curiosity-piquing labels, and subsequently trap the victims.

Typo Squatting: When someone uses a URL nearly identical to a brand's and mimics the brand to gain trust. The fake website can easily collect form information if the typo is not noticed.

Friendly Emails: When someone sends you an email either from a friend’s hacked account or from a similar account created using your friend’s name. Often there is an attachment that contains malware.
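A defender's check for the Typo Squatting and Pretexting items above, as an added example that is not part of the original column: it flags a domain that differs from a trusted one by a single typo or by look-alike characters. The trusted list, the domain names and the function names are constructed for illustration.

```python
# Added example: flag domains that imitate a trusted one (constructed data).
import unicodedata

TRUSTED = {"examplebank.com", "example-mail.org"}  # hypothetical allow-list

# Character swaps commonly used to make a lookalike read as the original.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(domain: str) -> str:
    """Fold case, strip accents and collapse confusable characters."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, swap."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]

def imitates(domain: str, trusted=TRUSTED):
    """Return the trusted domain that `domain` resembles, or None."""
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return None  # exact match is the real site
    for real in sorted(trusted):
        if skeleton(domain) == skeleton(real):
            return real  # differs only by confusable characters
        if edit_distance(domain, real) <= 1:
            return real  # one typo away: added, dropped, changed or swapped
    return None
```

A mail gateway or browser extension could run a check like this on sender and link domains and warn before the page or attachment is opened.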

– Anil Rachamalla

– End Now Foundation, www.endnowfoundation.org

Stay tuned to the Cyber Talk column every Tuesday for real-time examples of cyber crimes happening through social engineering tactics.

