When many people think of cybercrime, they think of a bearded guy tapping away at his keyboard in a dark room, searching for vulnerabilities in the network that can be exploited. While exploits are a significant threat, the reality is that many attacks happen in smoother and more subtle ways. Why spend days trying to get in the backdoor when an attacker can ask nicely to be let in through the front? This is the essence of social engineering.
A social engineer uses many tactics to manipulate victims into giving up whatever information they need. Imagine someone with a police uniform knocks on your door and asks for a word. They look authoritative, so you invite them in to sit down. They spend five minutes discussing crime in the neighborhood, and on the way out, they secretly swipe the spare key. A few days later, you return home to discover that all your valuables are gone.
In this case, the social engineer tricked their way into the home by using a police uniform to appear authoritative. Most people won’t think to turn down a police officer’s request or ask for further identification. The attacker took advantage of this to gain access to the house, where they could get what they wanted, the spare key.
Read the rest of this post »