Social Engineering on Social Media
12 June 2017
Social engineering is a process that cyber criminals use to psychologically manipulate an unsuspecting person into divulging sensitive details (such as passwords) through the use of techniques like phishing, identity theft, and spam.
For the longest time, social engineering has been used to exploit human behaviour and bypass complex and secure infrastructure and systems. It is commonly seen in Hollywood movies where “Pretexting” is commonly used to get vital information out of individuals. However, with the advent of social media and the Internet, social engineering has become easier and more commonplace.
According to a security industry survey, social engineering tops the list of the 10 most popular hacking methods. For example, have you ever received an email saying that your computer has been infected by a virus and prompted you to install a programme? Or an email from your “bank” asking you to activate your credit card by providing a bogus link and asking for your personal information? Or have you landed on a website that looks like Facebook, but isn’t?
If your answer is yes, then you have already encountered Social Engineering.
More recently, cyber criminals have been taking advantage of our human desire for news and social relevance to socially engineer us into giving away vital information. One example is Steve Job’s death and the free iPad scam. When Steve Jobs passed, Facebook was inundated with tons of links about Apple and companies giving away FREE iPads to honour Steve Jobs. It went viral within hours of the news of Steve Jobs’ death, making it more believable and socially relevant, as news of his death continued to spread.
There were many variants of these scams, ranging from the more innocent (getting people to Like a Facebook page) to the more sinister (bringing people to a site designed to look like the Apple website and asking users for personal information to send them the iPad).
Another point cyber criminals take advantage of is our trust and dependence on common social trust cues. For example, if something has hundreds of Likes or Shares or if a friend had shared it, people mistakenly think it should be legitimate. It is the same with YouTube videos or Twitter accounts. If they have millions of views or thousands of followers, people mistakenly think the information should be trustworthy. The scammers know this and they have used this to their advantage. This is how the Steve Job Free iPad scam propagated and was made viral.
Celebrity news is also always popular, especially fake deaths. While it may seem like an innocent hoax, it could have easily been exploited by cyber criminals to get you to click on a malicious link.