Method 2 – Social Engineering
Social engineering, or social hacking, is the use of charisma and human fallibility to obtain private information from people. It requires no technical knowledge, yet it is still often used, with great success, to gain illegitimate access to accounts.
It works by influencing or manipulating people who have access to sensitive information into handing over what the attacker wants, for example:
Jack calls your bank, pretends to be you and requests access to your account. The bank, of course, puts him through a security check:
“Can you please give us the card number of the card ending 1234?”
Jack then hangs up, and calls your host:
“I’ve forgotten the password to my hosting account and e-mail, is there a way to reset them?”
A common response is:
“Yes, if you pass a security question. What are the last 4 numbers of the card you have registered with us?”
Jack gives them the digits the bank read out to him, and he is allowed to reset your password.
In just two steps, Jack has reset the password for your hosting account and can now change the e-mail address on it, making it much harder for you to get your access restored.
Does this example sound unlikely to you? It is adapted from a real event in which the valuable Twitter account @N was stolen. This method revolves entirely around charisma, and so a whole new kind of hacker has emerged that is unskilled with technology but skilled with people.
There is no way to be perfectly safe from social engineering, as it often targets support workers and call centres rather than you, but you can make it harder for social hackers by setting a custom security question with any company that stores your sensitive data, so that the answer cannot simply be collected from another company.