Logo Intuity
Contacts

Social Engineering: why does cybercrime like it so much and why does it work?

Share article

Very often articles or blogs about computer security list a series of technical measures to be able to cope with certain computer risks. The logic behind these contents is: a given problem corresponds to a given technological remedy, the end of the problem. This approach that we call Technology-Centric is correct but not enough to address the dilemma of Cybersecurity; we prefer to face it with a People-Centric approach that puts people, not so much technologies, at the center of the business security process.

Social Engineering

The objective of this article and the next ones is to deepen the knowledge on some techniques of attack computer for which users are in effect the only countermeasure and where the technology on this field remains on the bench.

These types of cyber threats that target only users, which are used a lot by hackers, are defined by the term Social Engineering, as they aim to exploit reckless and reckless behavior of people to obtain information or spread dangerous malware, leveraging psychological persuasion and human weaknesses.

Why has Social Engineering become the most widely used hacking technique? Attackers have realized that it is much easier and more profitable to exploit human vulnerabilities than technological vulnerabilities to get to business data or to cause image damage, ransomware is a striking demonstration, as is the theft of credentials. In fact, the increasingly frequent use of services in the Cloud shortens the distance between business data and external dangers, making access to information and business dependent on the use of credentials.

Social Engineering is therefore very popular with hackers because it allows them to bypass technological defenses by focusing on the human factor: many gains in a short time and without effort.

The content

The content used to lure their victims is made by focusing on the feelings of the users, for example:

  • Curiosity: fake-news about celebrities or really unusual facts;
  • Fear: PC compromise;
  • Emotion: petitions for good;
  • Situations: Christmas or other holiday offers;
  • Hurry: mail account or expiring bank accounts.

It is the creation of a real scam to persuade the victim to take a certain action, such as: confirm the login credentials for a fake problem to the mail account or the current account, fill in a form to get login and password or insert a USB stick in your PC.

Methods

The methods and techniques of deception by which these frauds reach people are of various kinds, here are some:

The countermeasure to Social Engineering is first of all the awareness of people and that is why we consider the People-Centric winning approach to dealing with problems related to Cybersecurity.

From here begins our journey into the world of hacking and social engineering, we will find out not only how to recognize these cyber dangers, but also how to make users aware. FOLLOW US!