How Vulnerable can an Individual Be…

Samyak gajbhiye
Published in xkira7
6 min read, Jul 25, 2020

The word vulnerability has so many meanings that it almost seems polymorphic, like the OOP concept in programming.

Cambridge University defines vulnerability as:

The quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally.

So we can conclude that vulnerability is not just related to mental and physical states, but also to social and economic ones. I am obviously talking about vulnerability in terms of hacking. If you are not that into technology, this post is not for you.

Kevin D. Mitnick (the father of social engineering) says social engineering is an art that can bypass all technologies, including firewalls.

With the help of social engineering attacks, even the big FAANG companies (Facebook, Apple, Amazon, Netflix, Google) can be easily manipulated and compromised.

Social engineering attacks are often used on a large scale. You must have heard a lot that this website was hacked, that social media account was hacked, and so on; in most of these hacking cases, social engineering is the main tool used. So, in hacking terms, social engineering is the art of exploiting and manipulating a person's vulnerabilities so that they give up confidential information.

There are many different kinds of social engineering attacks, such as baiting, scareware, pretexting, phishing and spear phishing, to name a few, each with its own way of hooking the victim.

As modern technologies advance and make our lives much easier and better, we are also taking on the dark side of technology, like a double-edged sword, and one day we are all going to be doomed by it. Take social engineering attacks, for example: we fall prey to them in our day-to-day lives and make it easy for scammers to target us, as if we had already sold our data ourselves. So think before divulging, and stay vigilant.

Security is all about knowing who and what to trust. It is important to know when and when not to take a person at their word and when the person you are communicating with is who they say they are. The same is true of online interactions and website usage: when do you trust that the website you are using is legitimate or is safe to provide your information?

Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows, or if you have guard dogs, alarm systems, floodlights, fences with barbed wire, and armed security personnel; if you trust the person at the gate who says he is the pizza delivery guy and you let him in without first checking to see if he is legitimate, you are completely exposed to whatever risk he represents.

How Do Social Engineering Attacks Occur?

As you’ve learned, social engineering involves a malicious actor researching you and your organization so they can use that information to dupe you into sharing information or doing something that you shouldn’t.

Social engineering isn’t an impatient man’s game. Unlike traditional phishing attacks, which can involve sending out mass emails to thousands of people in the hope of tricking even just one into clicking on a malicious link, social engineering attacks are more targeted. Cybercriminals can spend a few hours or even days, weeks, or months preparing to make their move.

So, how does one of these attacks occur? Oftentimes, it boils down to finding the right person to target and finding, or creating, the right opportunity.

According to Kevin D. Mitnick in an interview with THE WIRED:

“Every case involving cybercrime that I’ve been involved in, I’ve never found a master criminal sitting somewhere in Russia or Hong Kong or Beijing. It always ends up that somebody at the company did something they weren’t supposed to do. They read an email, went to a website they weren’t supposed to. So they opened the door that allowed the person to get in.

“It’s not that these people are that talented but they wait knowing that with a company of 10,000 employees someone is bound to open the door. They just wait for that door to be open.”

What you didn’t know is that the attachment you opened was actually a malicious file. Now, not only have you sent a payment to a fraudulent account, but you’ve also opened up your company’s network and IT systems to a hacker.

How can you Protect Yourself from becoming a Victim?

Speaking as an ethical hacker, there is no single specific way, but we can take some necessary measures and precautions, such as:

  • Delete any request for financial information or passwords: If you get asked to reply to a message with personal information, it’s a scam.
  • Reject requests for help or offers of help: Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.
  • Set your spam filters to high. Every email program has spam filters. To find yours, look at your settings options, and set these to high–just remember to check your spam folder periodically to see if legitimate email has been accidentally trapped there. You can also search for a step-by-step guide to setting your spam filters by searching on the name of your email provider plus the phrase ’spam filters’.
  • Secure your computing devices. Install anti-virus software, firewalls, email filters and keep these up-to-date. Set your operating system to automatically update, and if your smartphone doesn’t automatically update, manually update it whenever you receive a notice to do so. Use an anti-phishing tool offered by your web browser or third party to alert you to risks.
  • Email hijacking is rampant. Hackers, spammers, and social engineers taking over control of people’s email accounts (and other communication accounts) has become rampant. Once they control an email account, they prey on the trust of the person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment, check with your friend before opening links or downloading.
  • Beware of any download. Unless you know the sender personally AND expect a file from them, downloading anything is a mistake.
  • Foreign offers are fake. If you receive an email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money, it is guaranteed to be a scam.

So, to conclude this write-up: don't become so fragile that you give up that easily, and don't let greed blind you to what is right in front of you and about to shatter you completely. Take your weaknesses as your strength and redefine vulnerability as the birthplace of innovation, creativity and change :)
