Lavasoft News

Understanding Social Engineering

Each month in Lavasoft News, we bring you updates on the latest specific threats to your online security, so you can be aware of them, and how to stay safe. At the heart of many of these malicious ploys is one underlying concept: social engineering. Deceptive social engineering tactics are interwoven throughout the Web, as you shop, bank, and socialize online. Keep reading to learn how to recognize these attacks and avoid them.

What is Social Engineering?

You may have heard the phrase 'social engineering' before, but what exactly is it? Social engineering is when a scammer - rather than using technical hacking techniques - manipulates, tricks or deceives people into performing certain actions or divulging personal information.

Social engineers take advantage of human behavior to pull off their scams, with the intended end result of infecting a user with malware and stealing personal information or money.

Social engineering attacks are becoming more complex and increasingly prevalent, according to security experts. "The nature of malware infections has changed during the past years. A long time ago, malware and viruses were spread in much less sophisticated ways. Now, malware authors constantly invent new intellectual ways to manipulate people and compromise their machines," says Andrew Browne, malware analyst at Lavasoft Malware Labs.

And these types of attacks are on the rise. "Lavasoft Malware Labs has seen a major increase in obfuscated downloads which make use of social engineering tricks. The target has moved from the actual computer to full focus on users," Browne says.

What Methods Do Attackers Use?

Social engineering attacks aimed at home computer users often take advantage of basic human emotions to manipulate and persuade people to fall for their ploys — including curiosity, fear, and empathy. Let's take a look at some common methods of exploitation based on these emotions:

  • Curiosity. Exploiting a person's curiosity might involve sending an e-mail that purportedly contains a link to watch a video about the latest sensational news story. The link, however, will lead to a malicious site aimed at installing malware or stealing private information.
  • Fear. One tactic cyber thieves use to instill fear and persuade a person to act in a certain way is sending phishing e-mails, supposedly from a victim's bank. Claiming that his or her account has been breached, the message will push the user to click a certain link to validate the account. Again, the link will lead to a malicious site aimed at compromising the person's computer or stealing sensitive information.
  • Empathy. To take advantage of a person's empathetic feelings towards others, hackers have been known to impersonate victims' friends on networking sites, claiming to urgently need money. In another prime example, recent social engineering scams have also been seen in the wake of the earthquake and tsunami in Japan, with scammers attempting to profit from the tragedy.

While the above tactics are common ploys, it's important to keep in mind that there are many other methods used by scammers; we can expect almost limitless variations on tried and true attacks that have been found to be successful in the past.

All of these tactics, however, involve an interactive choice by the computer user, meaning that, armed with the right knowledge, you can effectively choose not to be the victim.

What Can You Do To Avoid Becoming A Victim?

Protecting your PC with trusted security software is an effective first step to help keep you safe from social engineering attacks. But you also need to be aware of social engineering tactics and employ a healthy dose of skepticism when online.

"The most important thing for users to do is to use common sense while surfing the web," Browne says.

For more information, the United States Computer Emergency Readiness Team (US-CERT) has compiled additional helpful guidelines to avoid being a victim in its Cyber Security Tip on social engineering attacks.

Did You Know?
Facebook now lets you secure your session from hackers and spies by enabling HTTPS encryption. Here's how to enable it:
Secure Your Session Video
Source: Cnet
By The Numbers
Only 33% of Internet users say they worry about how much information is available about them online.
Source: Pew
By The Numbers
Over 40% of social network users posted their full date of birth online, opening themselves up to identity theft.
Source: Consumer Reports' State of the Net 2010
Copyright © 2011 Lavasoft Limited. All rights reserved.