How Hackers Exploit “The 7 Deadly Sins”
The phenomenon of “social engineering” is behind the vast majority of successful hacking. This isn’t the hi-tech wizardry of Hollywood but is a good, old-fashioned confidence trick.
It’s been updated for the modern age, and although modern terms such as “phishing” and “smishing” are used to describe the specific tricks used, they all rely upon a set of human characteristics.
7 Deadly Sins” of social engineering[error]Apathy:[/error]
To fall for a confidence trick, or worse, we assume others “must” have taken the necessary steps to keep us secure.
Sadly this leads to a lack of awareness, and in the world of the hacker that is fatal. When we stay in a hotel and we programme our random number into the room safe to keep our belongings secure, how many of us check to see if the manufacturers override code has been left in the safe?
It’s nearly always 0000 or 1234 so try it next time.
Humans are curious by nature but in an online world that might just be a trap waiting for an innocent user to spring it. A colleague built a website that contained a button that said Do Not Press, and was astonished to find that the majority of people actually pressed it.
Be curious, but exercise a healthy degree of suspicion.
It is often thought of as a derogatory term, but we all suffer from this sin. We make assumptions.
We take others at face value, especially outside of our areas of expertise. Put a uniform on someone and we assume they have authority.
Give an email an official appearance by using the correct logo and apparently coming from the correct email address, and we might just assume it’s real, regardless of how silly its instructions might be.
All of this can be easily forged online, so make no assumptions.
We quite rightly all teach our children to be polite. However, politeness does not mean you should not discriminate.
If you do not know something, or you feel something doesn’t feel quite right, ask. This principle is truer than ever in the online world, where we are asked to interact with people and systems in ways with which we are quite unfamiliar.
Despite what we’d like to think we are all susceptible to greed even though it might not feel like greed.
Since its inception, the very culture of the web has been to share items for free.
Nothing is ever truly free online. You have to remember that if you’re not the paying customer, you’re very likely to be the product. In the worst case, you might find that you have taken something onto your machine that is far from what you bargained for.[error]Diffidence:[/error]
People are reluctant to ask strangers for ID, and in the online world it is more important than ever to establish the credentials of those whom you entrust with your sensitive information.
Do not let circumstances lead you to make assumptions about ID.
How many of us when reading an apparently valid link in an email would bother to check whether the link is actually valid or whether instead it takes you to a malicious site.
It is all too easy to click that link but thinking before you act is possibly the most effective means of protecting yourself online.
To save yourself from these 7-deadly sins is to practice your A-B-C:
[list style=”list3″ color=”red”]
- Assume nothing
- Believe no-one
- Check everything