Social Engineering: The Weakest Link In The Chain

On By John GrubbIn Security, Training
Person shown as the weakest link in a chain.

When it comes to security online, the weakest link in the chain is, unfortunately, the computer user. That’s you, that’s me. Oh, there are other security issues – hence, updates to our software, etc. But, it’s the person in front of the computing device’s screen who makes up the most vulnerable aspect of the virtual world.

Why We’re The Weakest Link

How is it that we are the biggest risk? It’s because of something called “Social Engineering.” We humans are emotional beings. We love, we hate, we are fearful, we are dreamers, we want to help others and lots more. Those bad people on the Internet who would like to steal our money or take over our computing devices to do evil, almost always use social engineering to accomplish their task.

For example: yesterday, I had someone log into Remote Technical Support (https://www.4kcc.com/rts) because they had gotten one of those scam pop-up web pages. You know, one of those claiming that their computer was infected, that they would lose all their files if they shut the computer off and that the only way out was to call the toll-free number listed on the page. After I got rid of the page for my customer, she asked “Why doesn’t my anti-virus stop these kinds of scary pages?” The answer is simple, there’s nothing wrong on the page itself. There are no viruses, no malware – nothing that would trigger an anti-virus. What is on the page is wording designed to social engineer you. The words attempt to appeal to your emotion of fear or panic.

A Master Of Social Engineering

You may have heard of Frank Abagnale. If you don’t know his name, you may have seen the Tom Hanks movie “Catch Me If You Can.” Mr. Abagnale was the subject of that movie. Or, perhaps you watched the TV show “White Collar.” That also was based on his life. He was a master of social engineering. He used his charm and wit to appeal to the emotions of others to get what he wanted. (If you’d like to watch and listen to something interesting, click on the button at the end. It’s a video of Mr. Abagnale’s talk at Google. It’s an eye-opener.)

Not Just Fake Pages

Besides the fake pages which attempt to panic you into calling a phone number or clicking to download a file, here are some other examples of how crooks try to use social engineering to fool you:

  1. You receive a phone call from someone claiming to be from Microsoft or Windows or Apple. They tell you that your computer has issues and you need to let them onto your computer to fix the issue. This is an attempt to use fear as a motivator.
  2. An email comes to you stating that a friend is in trouble, lost their wallet, has no money and can’t get home. This is an attempt to appeal to your willingness to help others.
  3. Congratulations! Someone emails you because you’ve been recommended to help them move some money from their country to the US. And, if you’re willing to help, they will give you a percentage of the money. This is an attempt to tap into your dreams. Who wouldn’t like some easy money?

Social Engineering: The Weakest Link In The Chain: My Point

My point? Simple. You need to be smarter than those crooks who would deceive you using social engineering. No matter who calls on the phone or what pops up on your screen, take a deep breath, check your emotions and think logically. If you do, you’ll be way safer and your online experiences will be productive, fun, educational and positive!

Frank Abagnale’s Google Talk