One of my favorite (worst) things my paranoia likes is trusting people. It feeds from all the stuff I see and read on the all mighty internet every day, see in the news and experience in my own life. Topic: Social Engineering a.k.a. Human Hacking. It is an art of manipulating people into doing the things you want them to do, also involves programming people to give up sensitive information or gaining their trust in order to exploit them and their lives further in life. Some Social Engineering methods can include special software, fake programs, whoring, phishing etc. I will attempt to tell you (My paranoia will try to tell you) how to protect yourself from becoming a victim of social engineering. So here is the main antivirus to protect yourself is YOU!

The reason I like Social Engineering is that there is no protection against it except your own knowledge and a healthy level of paranoia. You have to train your gullibility if you have not done it yet… Because no one will do it for you!

Phishing

What is phishing?

“Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims”

Great examples of this type of Social engineering technique are the email which we love so much. You know what I mean? The Saudi Arabian prince who searched for someone to send his millions to, or the free subscription you won for P0rnhub… I think that the last one was a real email… Moving on!?!?!

So the core if this Social Engineering method is to pretend to be someone you are not, usually it is a person of authority (President, prince, banker, lawyer, police) who sends you an email with a great story and instructions. The recent popular one was the “Ebola email exploit” who was passing around information to people so they would be aware of the problem, which had a link to a malicious website with a virus.

In Phishing attempts, the attacked tries his best to distribute the emails in order to boost the open rate of the emails. The second thing the attacker focuses on is to have a believable message in the email in order for the victim to take action, which most of the time means to follow a link to a malicious website or to download a malicious file.

The popular ones include messages such as:

“Problem with your account, please click/download the/from link

You won a title of a meme lord, please follow the link to get your prize!

Social Media Phishing

Very popular Social Media Phishing technique is to share a link on Twitter or Facebook which has a catchy title and an intriguing image attached to the link. Usually, this link (usually cloaked) leads to another website which has a malware.

The reason this works is because we are brainwashed by the media and guys have enough blood pressure to send blood to one head at a time. Anyway, this attack works in a domino effect, because the malicious link/software will use your social media account to share/send the same link so more people would click on it and infect their devices, and so on.

From the same department is “Whoring”, of pretending to be someone else, such as an attractive girl (most popular) in order to obtain sensitive content which later can be used for blackmail, or sold on the darknet. Storytime:

I personally saw an ONION WEBSITE which was selling nudes if guys and girls. There were over 26 000 social media accounts from Facebook, VK, and Instagram which were all real, and were selling nudes of each account. All these people (mostly girls) were exploited, scammed, hacked, whored which lead to the attacked actually obtaining/getting their private photos and then selling them for cryptocurrency on the darknet. All real, no jokes, no hoax…

HOW NOT TO BE A VICTIM OF PHISHING? Ultimate Rule – If it is too good to be true, it probably is.

This applied to everything you see online. Even things which are not malicious, are considered to follow some other goal. Marketers use it all the time and I am 99% sure you saw them a lot, for example:

Free Ebook

Free MP3

Subscribe and download/win/get

Free Lessons

Free PDF

I am not saying you will not get what they are selling, but you might get a virus with it, and some fake or useless information as well.

I clicked the link and downloaded a Malware because I do not pay attention to anything and do not care about my online security, what now?

Well… I am glad you asked! Malware has different categories:

There are 3 most popular ones:

All these can be attached to a file you downloaded and/or installed which allows the attacker to do anything he wants with your information and computer. This is not a joke, imagine the private information you have on your PC can be obtained. I suppose I will provide hacking instruction in one of my upcoming articles. Something not very harmful.

What can hackers do with my Information?

Please remember that we are living in an age of information, this, therefore, means that information is the most valuable resource nowadays. With enough information, knowledge, and data very good things can be done, as well as bad things. As we are discussing social engineering, phishing, and human hacking, the information that these attackers are obtaining is mostly harmful to companies and us, simple peasants…

The information that you can lose can be used for taking control over your social media, your private pictures which allow the attackers to blackmail you and your loved ones. Another side of the medal is to sell this information to someone who will exploit your accounts.

By gaining access to your emails, the attacker can get almost any kind of information, because he can recover almost any password of any account your email is used for. If it is a working email, then all the working private information can be obtained by again, exploiting the email or reading the email you wrote before.

Remember you did those scans of your passport and your credit card for a visa to Russia? I suppose they are still on your computer, which means I have your identity and bank information. Imagine what can be done now? I can commit a crime online, buy anything I want, including your credentials and it WILL BE YOUR FAULT!

How can I protect myself from Social Engineering?

If it is too good to be true, then it is Healthy level of skepticism/paranoia Safe complicated passwords Double verification of accounts Different passwords for your accounts Backups of your files Do not share nudes with strangers Do not trust strangers Question everything (This is how I lost all my friends because I became super annoying and now I am super lonely and have no friends, and no one likes me but hey, at least I am safe in this void of darkness)