When you imagine hackers, what do you see?
Are nerds slouched over their keyboards? Computer whizzes looking to earn an extra buck? Are punk kids doing it for the thrill?
The truth is hacking is often more simple than that. With the technological leaps and bounds made in the last couple of years, it has become harder and harder to trick computers. Many hackers have turned to a much older and more stable art: tricking humans.
You’re probably familiar with some of these scams, which have managed to seep their way into the public consciousness.
From The Emperor’s Clothes to the Emperor’s Bank Account
The most famous is the Nigerian Prince Scam. This scam works because the sender claims to be a member of Nigerian royalty who is currently unable to access his savings account. If the recipient can send the prince a certain amount of money, then the prince says he will be able to access this savings account. The sender/prince then promises that as soon as he gets access to his savings account, he will send the recipient his initial investment and some.
Of course, it’s all a lie. When people send money, one of two things happens. Either the email sender disappears, or they invent more charges that the email recipient must pay.
This scam might seem like an obvious ploy to some. Why would a Nigerian contact a random person, who’s generally unimportant on the geopolitical scale? But the incredulity is half the point. The Nigerian Prince Scam is often sent to a variety of individuals. Those who don’t believe it usually don’t reply, which weeds out the people who are the least likely to believe the scammer. That leaves the rest of us to get duped.
Phishing for Information
There are many other examples of Social Engineering, most of which don’t involve such sensational content. For instance, you might get an email that claims your bank needs you to verify your account information. Sometimes they might ask you to click on a link, which will send you to a login page that looks just like the login page that your bank uses. You provide them with the username and password, which they promptly use to steal money from your account.
Acts such as these are known as “phishing,” i.e., when a hacker pretends to be someone they’re not: a bank employee, a Microsoft tech, etc. They contact you and “fish” for information, hoping you’ll give them the information they need to take your money or identity.
This leads us to the most important question of all. How do you protect yourself against these scams? You’ve already done the first and most important thing, which is to know that they exist. Often the people getting hit hardest by these scams are the ones who don’t expect them.
But it takes more than knowledge to avoid these scams. Many know that people lie on the Internet, but there’s still a knee-jerk reaction to try and have faith in humanity. Sometimes, we don’t want to believe that people are lying. We especially want to believe them if they’re offering us something like extra cash.
The trick is to be savvy. Now that you know about social engineering scams, you must apply common sense. When opening an email from someone you don’t know, ask yourself why this person would send you this email at this particular time. It’s rare for a company to ask you for your login information unless you’re logging onto their site, just like it’s rare (and perhaps inconceivable) that a Nigerian prince would contact you and ask you for money.
Know How They Know What They Know
Even if you’re careful, detecting scammers can still be tricky. For instance, what if they have your personal information? If a scammer contacts you claiming to be a “long lost son,” you might be suspicious. But what if they know where you go every Memorial Day Weekend? What if they know your name, the name of a family member, where you work, and your interests? Would that convince you?
It’s horrifying, but much of that information is available online. Many of us are giving away our personal information through social networks like Facebook, Twitter, Tumblr, and Linked In. This isn’t necessarily a bad thing–sharing is one of the points of social media, anyway–we should still be conscious of what we’re putting out there. One quick Google search and a scammer may know everything they need to know to dupe you. But if you know what information you’ve put out there, you’re better equipped to know who’s trying to trick you.
The Bottom Line
Here’s a quick summation of what you need to know.
It’s easier for hackers to get information from people than from computers.
Hackers often engage in “Phishing,” which means they’re pretending to be someone they’re not.
Use common sense when providing personal information, making sure to ask yourself why people need to know what they say they need to know.
Hackers have a lot of your personal information at their disposal already. Don’t trust them because they provide information only your friends should know.