I want to start this article by telling you an anecdote that happened to my mother back in 1995. For privacy reasons, I have replaced the real names with fictitious ones.

On a cold and rainy afternoon… No, just kidding: in Panama, no matter if it rains, it is always hot! Anyway, my father used to cut grass for a living; in my country they call them “the gentleman who cuts the grass”. One fine day a gentleman arrived at my mother’s house and said in an urgent voice: “Mrs. Maria, my name is Jose, I’m a FRIEND of your husband Roberto and he asked me to tell you to send him the toolbox; he was cutting a hill (grass) and the machine (lawn mower) stopped”. My mother observed that she had NEVER seen this person in her life, although he called himself my father’s friend. His face looked agitated and hurried, and he did not give her a good feeling, so she replied: “Tell Roberto that if he needs his toolbox, he should come and get it himself”.

This gentleman, very angry, replied to my mother: “Mrs. Maria, you know how angry Mr. Roberto is (which he really was!!!), and if I don’t bring him the toolbox he is going to get annoyed with you”. My mother backed up her answer with a resounding NO: “If he wants his box, let him come and get it himself”. Night came, my mother told my father what had happened, and his reaction was: “Tell me you didn’t give him my toolbox”. As it turns out, my father did NOT send anyone to pick up any boxes and he did NOT know a person matching the description my mother gave him. This was 1995, when we had no internet, no cell phones, and obviously NO social networks, and my mother was about to be the victim of a Master of Social Engineering. This tells us that this art has been practiced for many years; we simply called its practitioners “Scammers” or “Manipulators”.

What is Social Engineering?

Simply put, social engineering is the art of manipulating people through psychological and technological techniques in order to obtain some form of benefit, whether it’s money, items, access to a company, or simply access to confidential information.

BUT… HOW DOES THIS HAPPEN?

In 4 simple terms, it happens because our brain reacts to one of these situations:

  • Fear: “What if they get angry with me?”, “What if I get fired?”, “What if they find out?”
  • Curiosity: “This email says ‘photos’…”, “What if I won the lottery?”, “A prince donated his money to me”
  • Altruism: “Poor girl/boy needs help”, “Oh, what a pity, their resume got wet”.
  • Respect or admiration: “If the message is from XYZ, it must be true”, “He’s dressed as a police officer, so he must be one”.

Let’s remember that for many years it has been said that humans are the weakest link in the security chain, so a criminal will attempt to exploit any vulnerability they detect in our system… Wait!! Can humans be hacked too? The answer is yes, through the same 4 terms indicated above. Here is another simple example.

You work at the company Mega Company S.A. as a receptionist and suddenly a BEAUTIFUL woman enters. The girl starts to cry because she is the only breadwinner in her house and she has a little brother who depends on her… Very altruistic, you say: “Hey, relax, it’s not that big of a deal, I can HELP YOU”. The BEAUTIFUL woman looks at you with those tender eyes, asks you to print her CV again and hands you a USB flash drive, but you remember that the SECURITY POLICY says that you CANNOT connect external drives… Ugh, and now what do I do? This woman is beautiful, I can’t say NO… I have it! I will tell her to send it to me by email. The girl sends the “Curriculum” to his email, the nice guy opens it and BINGO… The girl receives an SMS from her outside partner saying “WE ARE IN”.

What happened here?

  • Beautiful girl (Admiration)
  • She needs help, her sibling depends on her (Altruism)

The girl managed to exploit those two vulnerabilities in the gentleman manning the front desk. But how did she know it was going to work? One week earlier they had been following the gentleman. At a coffee shop, this girl was sitting at another table looking at him in a flirtatious way and he responded with a coy look, which told her he likes women… Then a girl dropped her ice cream and he ran to her rescue and gave her another one, and finally, before leaving, he turned and smiled at the beautiful lady. Nothing else to look for: a SIMPLE TARGET.

How do I protect myself?

  • DO NOT trust strangers (includes not opening messages from untrusted sources).
  • Maintain a direct and open line of communication (face-to-face or by video call) with your immediate superior and your family. (Do not rely on text messages; devices could be hacked and under the control of the offender.)
  • Avoid posting too much information on social networks (it will be used by criminals to build the right pretext to gain your trust).
  • Avoid having personal photos on your workstation visible to others (these can be used against you, to find out that you have children, where you have gone, etc., and thus build the perfect story to gain your trust).

In the following link you can see a video of how social engineering is done. video

What did you think of this article? Have you gone through a similar situation in your company?

 

 
