Stuhr in March 2020. There are many different methods that hackers use to try to gain access to sensitive data from companies , government agencies or private individuals.
Fraudsters do not always rely on purely technical means such as hacking IT systems, but sometimes also specifically on the trustworthiness of their fellow human beings – such as the check fraudster Frank William Abagnale Jr., known from the Hollywood film “Catch Me If You Can”. With the social engineering method, hackers also specifically target the weakest link in the chain of data protection: people.
“Social engineering is interpersonal influence with the goal of inducing certain behaviors in people and obtaining confidential information. If this method is used to penetrate another person’s computer system, it is also referred to as social hacking,” explains Haye Hösel, Managing Director and founder of HUBIT Datenschutz GmbH & Co. KG.
Lengthy data collection Data theft
So-called social engineers spy on their victims’ personal environment or fake identities in order to obtain confidential company information, mom database personal passwords, or PIN numbers, for example. “Company employees are often contacted by email or phone and questioned about specific information.
The hackers pose as managers or technicians, for example, and demand confidential access data. Sometimes the fraudsters also claim to be a customer or supplier and thus collect various data over an extended period of time—this spying can even take half a year,” reports Hösel.
Small snippets of information, such as procedures or company hierarchy, are usually researched in advance using publicly accessible sources. These help the hacker feign insider knowledge and thus facilitate interpersonal manipulation.
Be careful on social networks
In the private sphere, social engineering often occurs via social media . Perpetrators usually send friend requests to acquaintances of the intended andrew murrell general manager digital and direct channels victim. If the person agrees to such a request, the target person also receives one. Since the acquaintances are already “friends” with the fraudster, thus establishing a seemingly personal connection, the actual target person often agrees as well.
“Through posts, likes, and photos, perpetrators gather initial information and learn something about the target’s personality. In chats, hackers can request further information and thus expand their knowledge. Sometimes, after a certain amount of time. They even fake an emergency to ask for further details that people would not normally disclose—but do so in a stressful situation,” says the data protection officer.
This method gained widespread notoriety, especially through the US hacker Kevin Mitnick, who became one of the most wanted people in the United States by hacking into other people’s computers . In his book, he describes how social engineering leads to the desired information much faster than purely technical methods.
Prevention through awareness-raising
To protect yourself from this method, it is important for private individuals and employees in companies to raise awareness of social engineering, for example through data protection training.
“In general, it’s advisable to be suspicious of emails and calls from unknown people and, if in doubt, never share sensitive data. Advises Hösel, adding. Links from seemingly familiar senders that actually originate from a foreign email address should also not be opened. Hackers are increasingly using familiar layouts, such as those from a financial institution, that lead to a login page. This is how they try to steal your username and password. To avoid revealing your login information to fraudsters
It’s advisable to bookmark important pages and always use this access to log in.”
Emails, calls, or text messages that promise belgium numbers rewards in exchange for sharing personal information should be ignored. After all, hardly anyone has anything to give away. Finally, critically rethinking the sharing of private content on social media is a simple step toward greater security .
