Social Engineering / Hacking Your Mind

Hacking Your Mind
Cyber criminals have learned that the easiest way to take control of your computer or
steal your information is to simply ask. Use common sense. If a person or a message
seems suspicious or too good to be true, it may be an attack.

The Attack
Today, much of your interaction with other people is done virtually; you no longer need to be in physical contact to communicate. You talk to people on the phone, chat with them via instant messaging, send SMS messages on your smartphone or communicate with email. These technologies have made it much easier to communicate and work with people from around the world. However, these technologies also make it much easier for cyber criminals to launch one of their most effective attacks against you: social engineering.

Social engineering is not a technical attack, meaning it does not exploit vulnerabilities in your computer. Instead, it is a psychological attack that exploits vulnerabilities in you. Cyber criminals build trust by pretending to be a person or organization you know. They then exploit this trust to obtain whatever they want, such as access to your computer, your money or your information. Cyber criminals have learned that often the easiest way to steal something is to simply ask for it. Social engineering attacks use the same tools you use every day, including email, smartphones and the web.

Protecting Yourself
Social engineering attacks are the hardest to protect against because technology alone cannot solve the problem. You are the best defense. Understand that you are a target and that cyber criminals will use any technique they can to fool or trick you. The simplest way to protect yourself is to use common sense. If an email, message on Facebook or phone call seems suspicious or sounds too good to be true, it is most likely an attack. Below are several common social engineering attacks.

Malicious Email
You receive an email from your bank saying that your account has been locked for security reasons. You must log into your account and reset it right away or you will be permanently locked out. The email then provides a link for you to click on. If you click on the link you are taken to a website that looks just like your bank. However, in reality this is a fake website controlled by the hackers, whose goal is to harvest your username and password when you log in. In some cases, instead of sending you to a website to steal your username and password, they send you to a website that will automatically hack into and infect your computer. The best way to protect yourself is not to click on any links in emails you were not expecting. If you are concerned that the email may be legitimate, open your browser, type in the URL to your bank yourself and then log in instead of clicking on the link. That way you know for sure you are connected to your real bank.

You receive a text message on your smartphone announcing you have won the lottery. To collect your lottery winnings you must contact a person and provide them your banking information. When you contact the person they explain that to receive your lottery winnings you must first pay a transaction fee or taxes. Once you provide your information and pay the fees, the cyber criminals disappear with your money and information, never to be seen again. The simplest way to protect yourself is to ignore and delete the message.

Your friend posts on her Facebook page that she is on vacation in London and has just been mugged. She needs someone to send her money right away so she can get back home. However, this is a lie; your friend is not really on vacation, nor has she been mugged. Instead a cyber criminal has hacked into her Facebook account, then posted this fake message in an attempt to scam money from her friends, such as you. In this case, the best way to protect yourself would be to call your friend on the phone and confirm if she needs help.

Tech Support Scam
You receive a phone call from someone claiming to be from a computer support company. They believe your computer is infected and have been tasked to investigate and help you secure your computer. They then ask you if there are specific files on your computer and tell you how to find them. When you locate the files on your computer, the caller confirms your computer is infected. In reality this is all a lie: your computer is not infected, and these files are standard files that every computer has.

Once they have you fooled into believing your computer is infected, they will then pressure you into buying their security software. However, this software is really a virus that gives them total control of your computer. In the end, not only has the caller tricked you into infecting your computer for them, but you just paid them to do it.


© The SANS Institute 2013  /  Used with permission from The SANS Institute.



