Tech Tips Home
The Best Tech Tips And Daily Deals
Newsletter On The Internet!

WorldStart Tech Tip And Store Search
Email: Password: Login Remember Me
looking for freeware

Like what you see here? Subscribe to the Tech Tips newsletter!   Email: Subscribe

Social Engineering

Friday, October 13th, 2006 by | Filed Under: Security Help

Social Engineering

Last week, I touched on the subject of Social Engineering, as it was brought to my attention in Kasperky’s monthly online scanner as a prevalent and successful avenue of infection for attackers. Social Engineering is basically a method in which some ill purposed entity tries to convince company officials, or simply individuals, to divulge certain information. For example, bank account information, social security numbers, birthdays, etc. This technique can be done either on the phone or over the Internet and both methods are wildly successful.

Now that we have an understanding of Social Engineering, let’s take a look at a couple of online threats that use Social Engineering to infiltrate unsuspecting end users. One method that seems to be coming into action is attacking people through blogs. Blogs, if you are not familiar with them, are like little personal Web sites where the creator posts different topics or articles and the readers of it can usually comment on the content. They have grown in popularity substantially since their inception with more people by the day finding out about them. It’s a highly used new online resource. Well, since hacking is a numbers game and blogging is becoming exponentially more popular, it almost seems natural that this would become a major focus for hackers. And it has.

Hackers are now creating their own blogs and with any other sort of attack, everything appears normal. But, behind the scenes, the blog contains viral code waiting to infect your system. After putting together their online trap, the attackers will usually try to get the address out to the public in a number of ways, such as spam, chat rooms and instant messaging. In all actuality, the attacker could even put a link in one of his/her comments on someone else’s blog or message board post. After that, all it takes is for someone to click on the link and bam, they’re infected.

We also see that Social Engineering attacks are becoming common on Web sites like Facebook and MySpace. As a matter of fact, a recent study from CA / NATIONAL CYBER SECURITY ALLIANCE shows that 87 percent of people that engage in these social Web sites are leaving their systems vulnerable to attacks. Some of the other stats from the study are just as alarming:

  • Although 57 percent of people who use social networking sites admit to worrying about becoming a victim of cyber crime, they are still divulging information that may put them at risk. For example, 74 percent have given out some sort of personal information, such as their e-mail address, name and birthday.
  • 83 percent of adult’s social networking are downloading unknown files from other people’s profiles, potentially opening up their PCs to attacks.
  • 51 percent of parents aware of their children’s social networking do not restrict their children’s profiles so only friends can view, leaving their child’s profiles unrestricted to potential predators.
  • Furthermore, 36 percent of these parents surveyed do not monitor their children on social networking sites at all.

Once you’re infected potentially, all the information you type in your system from there on out is recorded and transported to the mothership. This is bad and if done in an environment, such as a home or business network, these infections can reap some serious benefits for its master.

This is really an interesting time in the evolution of cyber attacks. There is almost a shift in how people are getting attacked anymore and article after article that I read lately points to the same conclusion. The end users are the weak link. I’m not trying to be insulting or belittling at all. On the contrary really, but the situation is more like this.

Almost everyone has gotten themselves an antivirus protection program, your ISP, more than likely, has put an antivirus program on their servers, people have firewalls, antispyware software, identity theft protection, etc. You name it and we’ve got it, but with Social Engineering, none of this matters. If you invite code into you system by selecting an active link, you are putting yourself at risk. Between that and whatever the new exploit or vulnerability is at the time, can make the whole experience like walking in a minefield.

Okay, Chad, thanks for the “good news.” Now, what can we do to protect ourselves?

Of course, I have to give the traditional, yet fundamentally, sound advice of making sure you have an antivirus utility on your computer and that it’s up to date. Also, make sure you have a firewall in place and scan all the systems on your network regularly. It is equally important that you help protect your system by not clicking on any links from unknown sources. It’s also a good idea to severely scrutinize links from known entities to verify the user and the link before you open them. This includes e-mails, blogs, instant messages, etc. Any and all of these communication methods are being used for these insidious attacks, so be careful with everything!

Antivirus vendors are currently working on counter measures to protect users from these sorts of attacks. Hopefully, these preventive measures will become available to the public soon.

Until next week, stay safe out there.

~ Chad Stelnicki

Leave a Reply

Like these tips? Get them for FREE in your email!

WorldStart's Tech Tips Newsletter

  • Tech Tips Daily - Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

  • Tech Tips Weekly - If you don't want our Tech Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays.

Other Newsletters

  • WorldStart's Daily Deals - Every week, we send out great deals in our Daily Deals newsletter. Many of these deals are exclusively for our Daily Deals newsletter subscribers and can't be found with our regular specials.

  • Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week.

Enter Email Address:


Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love them), unsubscribing is fast and easy.

Free Newsletter Signup

Tech Tips Daily

Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

Tech Tips Weekly

The week's best in tech and computer help. Get your issue sent to your email every Friday!

WorldStart's Daily Deals

The very best deals on the Internet! Get a new set of incredible sales every day of the week!

Just For Grins

Clean jokes, funny quotes, and hilarious comics. Sent 5 times a week straight to your email.


Love Worldstart? Refer A Friend!

looking for freeware
WorldStart's Premium Membership

Tip Archive