With internet and computer security always at the forefront of technology, reliance remains an achilles heel for many reasons. One security issue that stands out and is often over-looked is Social Engineering.
Social Engineering is not what you think and yes, it can seriously affect your life. Social Engineers are not certified in engineering, the term is misleading at best. Social engineering, according to Wikipedia is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. Education and awareness is pertinent in prevention of social engineering tactics.
A social engineer will commonly use the telephone or Internet to trick a person into revealing sensitive information or getting them to do something that is against typical policies. By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that users are the weak link in security and this principle is what makes social engineering possible. Social Engineering is a big word to describe a con artist.
It is highly recommended by experts that users ADD A PASSWORD to every account they have in existence, not just on or for a computer or the Internet but also accounts such as: your house phone, cell phone, electricity, water, bank, ISP and so on and so on. Also put a fraud alert on your credit account with all three such as; Experian, Equifax, and Trans Union. Call each company and add a password A.S.A.P.
I’ve had a social engineering expert (friend), try to fool accounts handlers of mine, into giving him minimal info, such as my name and city or just name (info that is and is NOT public knowledge). I was shocked at what he was able to gather from customer assistance at any company. If I went into detail as to the things anyone with simple knowledge can do with just your name or a birth date selected at random, you’d be shocked. Social Engineers contact companies by phone and pose as a computer technician or a fellow employee with an immediate access problem and then request password or user name or other critical information to gain access on their own.
With the little information my social engineering friend gathered, he was able to apply for credit cards, manipulate my current accounts and basically steal my identity all within a few minutes. I also watched him shut down the home electricity of another friend, who was aware of our research. We were both shocked to say the least.
Of course nothing is 100% secure because social engineers and hackers are always finding ways to be malicious but if you secure accounts, you can deter if not stop them from stealing from you. Computer and Internet account passwords with a phrase using alpha as well as numeric characters using uppercase and lower case combination’s will be much more secure. Strong passwords can make it difficult for hackers to generate and crack your password. Also, never save passwords on your computer unless you use an encrypted program.
Recently, Google Mail (Gmail) has been found to have a flaw where-as a user (anyone) can generate an account password eventually because it allows numerous attempts to ‘guess’ account passwords. Supposedly this flaw was fixed (for now). If you use a ‘phrase’, it would be much more difficult to ‘guess’ your account pass word with random word generation.
Strong passwords help. More Detailed Source for Internet and Identity Fraud
