When we think of computer exploits, what most commonly comes to mind is viruses and malware from inadvertent clicks. This is also what we (Travel Tech) see the least of!
In the 90’s, movies like “Hackers” and “Jurassic Park” had characters whose computer exploits involved complicated coding and sophisticated hardware and software to allow them access to computers and systems that became part of the plot point. The collective conscios was educated that with a strong antivirus and firewall, your computer equipment was safe.
This was correct, to a degree. As anvirus software and router / modem hardware became better and better, hackers had to find a new way to pull of their exploits. The easiest way to do this? Convince the end-user to open the door themselves!
The term for this is SOCIAL ENGINEERING or SOCIAL EXPLOITING. It takes many forms, and all involve directly contacting the user, and convincing them to install software on the computer that allows the hacker to gain control or otherwise access their system. The following are a few methods that are commonly used to do this:
Hacker sends an email to the target, which is made to look like a legitimate document from Apple, Microsoft, Dell, etc., with directions to download and install software, or click on a link to ‘verify’ any number of things. These can be sent out en-masse, and is probably the most technologically-sophisticated method. Once these are sent out, the hacker can then access either the computer or the account information put in by the victim.
The hacker contacts the target, typically using a service that spoofs the phone number, making it appear as a local number. Once the target is on the phone, any number of angles are used to convince them to provide the hacker access. Bank account access, computer access, or both.
Stay tuned – this week we will provide updates on ways to protect yourself and your assets from a socially engineered attack.