Defending Against Social Engineers: What You Should Know



You never really get to know you are dealing with a Social Engineer (or Con Artist) until they get what they want and have vanished into thin air.

There are many ways Social Engineers get their targets. Baiting, Pretexting and Phishing are three very common ones (we have covered phishing exclusively here).

Social Engineers are often willing to wait months and even years to get what they are aiming for, and targets are only a means/tool to getting it.

Here are two things to keep in mind to prevent yourself from becoming a Social Engineer’s tool:

  1. Be Paranoid.
    Be suspicious of everyone you randomly meet on the internet, in the mall or even in the elevator on the way up to your office.
    A Social Engineer will often take his or her time to do proper reconnaissance on you before even striking up a conversation, often coming from a point of mutual interest (Baiting) so you have something to discuss. But stay suspicious and avoid divulging information to someone you simply “like” or “trust,” especially if you trust easily.

  2. Create a Mind Map of your Space
    A mind map of you (and those close to you) will let you know when a con artist or a trusted person is overstepping into private territory.
    See image below.

In the map above, Tolu is the HR Manager at F&R Inc., her father is a Director at H&B Bank.
If a Social Engineer wanted to use her position at F&R to access critical company data or information, then he may ask questions like “Have you had a fire incident in your office before?”, “How do you recover critical data?” or “How often are your staff supposed to change their passwords?” These questions would not be asked directly, of course, but Tolu knows with a mind map that the social engineer is stealthily seeking to know how critical files are stored and how passwords are managed in her company.

If H&B is the Social Engineer’s trove, then Tolu’s father becomes the primary target to get to the bank (Tolu is now a first-level but secondary target).
The Social Engineer starts by endearing himself to Tolu, then gets to visit her father before trying to win his trust. He may then take advantage of the man’s knowledge to gain access to insider information at H&B.

In this case it falls on Tolu to learn the Social Engineer’s motive from the outset, given the kinds of questions he asks or how interested he seems to be in meeting or seeing her father.

A mind map is therefore important to help individuals understand their space and those who actively try to creep into it.