{"id":6012,"date":"2016-11-22T16:40:31","date_gmt":"2016-11-22T08:40:31","guid":{"rendered":"http:\/\/staging.bankvaultonline.com\/?p=6012"},"modified":"2016-11-22T16:40:31","modified_gmt":"2016-11-22T08:40:31","slug":"5-ultimate-social-engineering-prevention-techniques","status":"publish","type":"post","link":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/","title":{"rendered":"5 Ultimate Social Engineering Prevention Techniques"},"content":{"rendered":"

What is Social Engineering?<\/h2>\n

Social engineering is a ‘deadly’ art form which relies on persuasive psychology to manipulate victims to give up confidential information. Social engineers (the perpetrators) seek various types of information to deceive you into providing your confidential information such as banking details, passwords, and other information. They may also secretly install malicious software onto your computer which gives them control over your computer without you even knowing.<\/p>\n

These scam artists use social engineering techniques to exploit people’s natural inclination to trust others. In general, it is much easier to trick someone into giving you their password than it is to\u00a0guess their password unless the password is weak.<\/p>\n

Even though cyber attacks may occur, the IT Department is not always to blame. While cyber security does rely on great anti hacking software, cyber security is also about actually taking in those tips and knowing whom and what to trust. Whether it’s a scam via the phone or on the internet – humans are the weakest link in the security chain. All the deadlocks and security alarm systems in the world cannot save you if you shout your passwords loudly across the office or put them on sticky notes for all to see.<\/p>\n

Here are the 5 ultimate social engineering techniques that actually work to fool unsuspecting victims:<\/p>\n

#1 Familiarity Exploit<\/h3>\n

(Editor\u2019s Note:<\/strong> If you manage your company\u2019s payroll or do any other type of online banking you\u2019ll want to read and understand this.)<\/em><\/p>\n

\"social<\/a><\/p>\n

Called by many as the \u2018cornerstone of social engineering\u2019 the familiarity exploit succeeds because the social engineer does a good job of convincing the people around him\/her that he\/she should be there \u2014 in this case walking the halls of an office with physical access to company work stations and computers.<\/p>\n

People are far more willing to give assistance and information to those they recognize and know \u2014 even if only little. That familiar person, in the eyes of the target, doesn\u2019t set off any alarm bells about who that person is and why that person is wandering the office.<\/p>\n

Social engineers do this in many ways but mainly it involves physically getting into a targeted business and getting your targets familiar with your presence and personality. In larger companies, social engineers have been known to gain access by \u2018tailgating\u2019 (sliding in behind a large group as it goes through a secure door) and then pretending to be a company consultant.<\/p>\n

In one well known hacking case at a major New York financial services company, a hacker spent 2 days \u2018working\u2019 in one of the target company\u2019s conference room. After he felt recognition and trust he struck: inserting a USB with key loggers and other malware into 5 company computers. Once the malware was installed he left, now free to strike from a distance at optimal time.<\/p>\n

The larger the office, the harder it is to protect oneself against this technique. Having said that, you can protect your business from it by frequently checking visitors and foreign faces to see if they have a legitimate reason to be in the office.<\/p>\n

But remember, once the social engineer has succeeded in infecting even one company workstation, access to private financial data through the company network is not too far off.<\/p>\n

 <\/p>\n

#2 Hostile Situation<\/h3>\n

 <\/p>\n

Social engineering is a term that describes how a hacker uses psychology and human emotion to gain access to a computer network. This technique preys on mankind\u2019s fundamental, \u2018cognitive laziness\u2019 in a negative way.<\/p>\n

The \u2018hostile situation\u2019 technique draws its considerable strength from the fact that people have a deep seated urge to withdraw from conflict \u2013 and from those who appear angry or upset.<\/p>\n

Simply put, if you are angry people are much less likely to stop you. In fact, some studies have shown that people are more likely to heed the request from an angry person over a nice person. The urge to avoid conflict it that ingrained.<\/p>\n

It\u2019s a diversionary tactic that leverages that need to withdraw from negativity by manufacturing and bringing a hostile situation to a person managing access to a place, room, building, etc…, hoping that, in an effort to avoid the situation, a security guard will just wave the person through.<\/p>\n

One example would be to pretend to be on the phone having a heated argument as one passes through a situation where, under calm circumstances, one\u2019s presence might be stopped and verified. Like an office building checkpoint.<\/p>\n

The \u2018hostile situation\u2019 technique been around for centuries for one simple reason: it works. Be sure your employees are aware of it.<\/p>\n

 <\/p>\n

#3 Offline Information Gathering<\/h3>\n

\"social<\/a><\/p>\n

Social engineering is all about gathering the bits and pieces of information that, when pulled together, give a hacker the ability to break into a system and hack it. Much of social engineering revolves around how a hacker gets the access to be able to steal information. But, an equally large part of social engineering are how a hacker uses public spaces and sources of information to compile the personal profiles they need to break into a system.<\/p>\n

To put it another way, the more information one has about their \u2018mark\u2019 the faster one will be able to exploit the mark. If you review the history of social engineered hacks you\u2019ll find a lot of old-fashioned, offline work.<\/p>\n

For example, check out the story of Stuxnet<\/a>. This hack, where a joint team of US and Israeli intelligence specialists planted malware inside Iran\u2019s uranium enrichment program that destroyed its centrifuges succeeded because an employee picked up a USB that had been dropped in the parking lot of the centrifuge facility.<\/p>\n

A social engineer will comb the parking lots of a target business \u2013 finding cars that are unlocked or easily opened that might have security badges, paperwork, devices, etc..<\/p>\n

A good social engineer will notice (and when possible) photograph personal details and pictures an employee might have on display in their office. A picture of a favorite vacation place could be a password clue.<\/p>\n

Social engineers leverage the leveling power of alcohol \u2013 usually by following employees to the office bar. Much can be learned simply by over hearing work talk.<\/p>\n

Or she might tail a mark to learn their patterns and likes and dislikes \u2013 all good data points that can facilitate a personal connection to the mark.<\/p>\n

Finally, there is the online treasure trove of social media. Social engineers have sophisticated tools to index, sort, correlate, derive and compile personal information most people would NEVER reveal. Be wary of what you put online into the public domain.<\/p>\n

#4 The Inside Job<\/h3>\n

If the mark is big enough, a social engineer will often go big and actually get a job at his\/her target company. That is technique #4 of our series and is most often done at small to medium-sized businesses.<\/p>\n

Studies show that a majority of small to medium-sized businesses do not perform even simple background checks on new hires. Large companies will but they are typically not very extensive. Regardless of the size of the company, most background check protocols don\u2019t do a very good job of compiling a prospective job candidate\u2019s social\/online profile.<\/p>\n

At this writing screening for potential inside-job hackers is not very well developed or sophisticated. However difficult it is to spot, companies \u2013 especially small to medium-sized companies \u2013 need to be aware of it and have employee monitoring protocols in place.<\/p>\n

The risk is substantial. One need only look at one of 2014\u2019s biggest hacks \u2013 the Sony Pictures hack, now believed to have been an inside job<\/a>.<\/p>\n

#5 Body Language Mirroring<\/h3>\n

Social engineering is inseparable from human psychology and the better a social engineer understands psychology the most successful (and dangerous) the hack. This brings us to our fifth social engineering technique: body language mirroring.<\/p>\n

Like the familiarity exploit, body language mirroring creates subconscious identification between social engineer and his\/her mark.<\/p>\n

According to master social engineer Chris Nickerson, body language is a social engineer\u2019s most powerful tool. Breathing when the mark breathes, recognizing and emphasizing with the mark\u2019s emotions, smiling at the right times, being friendly and polite but not overly so: it\u2019s all about making the mark comfortable.<\/p>\n

<iframe width=”560″ height=”315″ src=”https:\/\/www.youtube.com\/embed\/HW9hH0vlPEM” frameborder=”0″ allowfullscreen><\/iframe><\/p>\n

Body language mirroring creates a level of identification that makes marks WANT to help you and feel good while doing it. And it works. A truly great social engineering hack is one where the mark doesn\u2019t even realize he\/she has been had. Body language mirroring makes it possible. It makes marks comfortable.<\/p>\n

And once a mark is comfortable it will do things like let you into a data center without asking for your ID. That is the essence of successful social engineering.<\/p>\n","protected":false},"excerpt":{"rendered":"

What is Social Engineering? Social engineering is a ‘deadly’ art form which relies on persuasive psychology to manipulate victims to give up confidential information. Social engineers (the perpetrators) seek various types of information to deceive you into providing your confidential information such as banking details, passwords, and other information. They may also secretly install malicious […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[356],"tags":[123,361,419,164,422,420],"class_list":["post-6012","post","type-post","status-publish","format-standard","hentry","category-explainers","tag-classic-hacks","tag-familiarity-exploit","tag-hacks","tag-social-engineering","tag-sony-hack","tag-stuxnet"],"yoast_head":"\n5 Ultimate Social Engineering Prevention Techniques<\/title>\n<meta name=\"description\" content=\"Social engineering is the dark art of manipulating people to get their confidential information. Discover the 5 ultimate techniques used to prevent attacks!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"5 Ultimate Social Engineering Prevention Techniques\" \/>\n<meta property=\"og:description\" content=\"Social engineering is the dark art of manipulating people to get their confidential information. Discover the 5 ultimate techniques used to prevent attacks!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/\" \/>\n<meta property=\"og:site_name\" content=\"BankVault\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/BankVaultOnline\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-11-22T08:40:31+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/staging.bankvaultonline.com\/wp-content\/uploads\/2015\/07\/Social-Engineers-at-Work.jpg\" \/>\n<meta name=\"author\" content=\"BankVault\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:site\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"BankVault\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"5 Ultimate Social Engineering Prevention Techniques","description":"Social engineering is the dark art of manipulating people to get their confidential information. Discover the 5 ultimate techniques used to prevent attacks!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/","og_locale":"en_US","og_type":"article","og_title":"5 Ultimate Social Engineering Prevention Techniques","og_description":"Social engineering is the dark art of manipulating people to get their confidential information. Discover the 5 ultimate techniques used to prevent attacks!","og_url":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/","og_site_name":"BankVault","article_publisher":"https:\/\/www.facebook.com\/BankVaultOnline\/","article_published_time":"2016-11-22T08:40:31+00:00","og_image":[{"url":"http:\/\/staging.bankvaultonline.com\/wp-content\/uploads\/2015\/07\/Social-Engineers-at-Work.jpg","type":"","width":"","height":""}],"author":"BankVault","twitter_card":"summary_large_image","twitter_creator":"@bankvaultonline","twitter_site":"@bankvaultonline","twitter_misc":{"Written by":"BankVault","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/#article","isPartOf":{"@id":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/"},"author":{"name":"BankVault","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639"},"headline":"5 Ultimate Social Engineering Prevention Techniques","datePublished":"2016-11-22T08:40:31+00:00","dateModified":"2016-11-22T08:40:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/"},"wordCount":1481,"publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"image":{"@id":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/#primaryimage"},"thumbnailUrl":"http:\/\/staging.bankvaultonline.com\/wp-content\/uploads\/2015\/07\/Social-Engineers-at-Work.jpg","keywords":["classic hacks","familiarity exploit","hacks","social engineering","Sony hack","stuxnet"],"articleSection":["Explainers"],"inLanguage":"en-AU"},{"@type":"WebPage","@id":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/","url":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/","name":"5 Ultimate Social Engineering Prevention Techniques","isPartOf":{"@id":"https:\/\/www.bankvault.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/#primaryimage"},"image":{"@id":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/#primaryimage"},"thumbnailUrl":"http:\/\/staging.bankvaultonline.com\/wp-content\/uploads\/2015\/07\/Social-Engineers-at-Work.jpg","datePublished":"2016-11-22T08:40:31+00:00","dateModified":"2016-11-22T08:40:31+00:00","description":"Social engineering is the dark art of manipulating people to get their confidential information. Discover the 5 ultimate techniques used to prevent attacks!","breadcrumb":{"@id":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/"]}]},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/#primaryimage","url":"http:\/\/staging.bankvaultonline.com\/wp-content\/uploads\/2015\/07\/Social-Engineers-at-Work.jpg","contentUrl":"http:\/\/staging.bankvaultonline.com\/wp-content\/uploads\/2015\/07\/Social-Engineers-at-Work.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.bankvault.com\/5-ultimate-social-engineering-prevention-techniques\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.bankvault.com\/"},{"@type":"ListItem","position":2,"name":"5 Ultimate Social Engineering Prevention Techniques"}]},{"@type":"WebSite","@id":"https:\/\/www.bankvault.com\/#website","url":"https:\/\/www.bankvault.com\/","name":"BankVault","description":"cybersecurity","publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bankvault.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-AU"},{"@type":"Organization","@id":"https:\/\/www.bankvault.com\/#organization","name":"BankVault","url":"https:\/\/www.bankvault.com\/","logo":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","contentUrl":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","width":1212,"height":275,"caption":"BankVault"},"image":{"@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/BankVaultOnline\/","https:\/\/x.com\/bankvaultonline"]},{"@type":"Person","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639","name":"BankVault","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","caption":"BankVault"},"url":"https:\/\/www.bankvault.com\/author\/bankvault\/"}]}},"_links":{"self":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/6012","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/comments?post=6012"}],"version-history":[{"count":0,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/6012\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/media?parent=6012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/categories?post=6012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/tags?post=6012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}