When many people think of cybercrime, they think of a bearded guy beating away at his keyboard in a dark room, searching for vulnerabilities in the network that can be exploited. While exploits are a big threat, the reality is that many attacks happen in smoother and more subtle ways. Why spend days slaving away to get in the backdoor, when you can just ask nicely to be let in through the front? This is the essence of social engineering.
A social engineer uses a wide range of tactics to manipulate their victims into giving up whatever information they need. Imagine that someone with a police uniform knocks on your door and asks to have a word. They look authoritative, so you invite them in to sit down. They spend five minutes discussing crime in the neighborhood and on the way out, they secretly swipe the spare key. A few days later, you come back home to discover that all of your valuables are gone.
In this case, the social engineer tricked their way into the home by using the authority of the police uniform, which many people respect or even fear. Most people won’t think to turn down a police officer’s requests, or to ask for further identification. The attacker took advantage of this to gain access to the house, where they could get what they wanted, the spare key.
Read the rest of this post »