There are various types of hacking. Sometimes a ransom is extorted once the attackers have managed to encrypt the database (ransomware), but in some types of hacking humans play a major role. This is the case in social hacking, where the weak point is not a misconfigured system but the human being.
Social Engineering equals Social Hacking?
When people talk about humans being “hacked” or manipulated, the term social engineering often comes up. Social engineering (“social manipulation”) describes the manipulation of people. The manipulation often consists of inducing a certain behaviour in the victim, which is then exploited. An example that makes the term easier to understand is the “grandchild trick”.
The grandchild trick often involves manipulating elderly people so that they hand over money to an alleged grandchild who is in fact a criminal. It takes advantage of the fact that older people become partially forgetful and do not remember their grandchildren exactly. In addition to the forgetfulness, the instinct to help is exploited: the criminals pretend to have money worries, so that the elderly person feels obliged to help.
Social hacking is very closely related to social engineering. As just stated, one speaks of social engineering when a person is manipulated in general. Social hacking is also about manipulating people, but the goal is different: gaining access to a computer system or network by means of human manipulation.
There are countless vulnerabilities in current operating systems and applications. Many of these have not yet been discovered, but all experts agree that countless are still being found. Nevertheless, email is currently the number 1 attack vector for almost every cyber attack. Such phishing emails can be called social hacking, because their content tries to hack the human and push you into downloading a file, for example.
A frequently exploited human vulnerability is the reaction to pressure or compassion. Almost everyone knows the advertisements or emails that promise huge profits but leave you very little time to click on the link. In these examples the attackers try to create pressure so that people click before they have thought about the action. The following video shows the exploitation of compassion: an alleged wife needs to get into her husband’s account, and with an allegedly screaming baby in the background, compassion is triggered in the person on the other end of the call.
The only way to protect oneself against this type of attack is to train all employees to recognize the typical symptoms of a phishing email or of a call from the alleged IT department. It is important to carry out this training on a regular basis, so that all employees keep learning about the attackers’ new methods and do not fall for them.