Encircle News!

Retro Game Arcade
, , , , , ,

How social engineering takes advantage of your kindness

Katie Malone

Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves (and seemingly confirmed by a source speaking with Bloomberg), all it took was a ten minute phone call.

The alleged hackers behind the MGM issue, by all appearances, gained access through one of the most ubiquitous and low-tech vectors: a social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t — in this case, apparently, by pulling a fast one on an unsuspecting IT help desk worker. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims. But what makes social engineering attacks so effective, and why are they so hard to prevent?

It seems counterintuitive to hand over sensitive information to a complete stranger, but attackers have developed ways to trick you into feeling comfortable doing just that. Those could include building trust over time, gathering information about you to seem like they know you or using a sense of urgency to get you to act quickly without thinking through what you’re giving up. That’s why common personality traits among cyber victims include being extroverted, agreeable and open to new experiences, according to Erik Huffman, a researcher who studies the psychology behind cybersecurity trends.

“Fear is an attack vector. Helpfulness is an attack vector,” Huffman said. “The more comfortable you are, the more hackable you become.”

Plus, digital environments have fewer social cues versus being face to face, so a potential victim is not as good at sensing potentially suspicious signs, Huffman said. We read messages in our own voice, projecting our own good will onto them, which normally doesn’t happen in person. There’s less information like social cues or body language to guide us or give us a gut feeling that something’s off.

A social engineering attack could be as simple as a faux-urgent phone call from a scammer to get your credit card information for low level theft. But there are increasingly complicated “Rube Goldberg attacks” that layer multiple approaches to fool you, according to Sophos X-Ops principal researcher Andrew Brandt. In an example of such an attack, Brandt observed scammers first operating over the phone to get a target to click an email also sent by the scammer. Once clicked, the email would activate an attack chain that included malware and remote access software.

More likely, you’ll encounter it on a much simpler level. You might get a text from someone pretending to be your boss asking for gift cards or be tricked into clicking a malicious link that phishes your credentials. But one way or another you’ll probably run into it eventually, as an estimated 98 percent of cyberattacks rely to some extent on social engineering tactics, according to research from Splunk.

There are some other warning signs people can look out for. Having to download an unusually big file, a password protected zip file that can’t be scanned for malware or a suspicious shortcut file are all signs of a potential attack, according to Brandt. But a lot of it’s a gut feeling — and taking time to step back before proceeding to consider what could go wrong.

“It is a practice that takes repetition and rehearsal over and over again to reflexively distrust what people say to you who you don’t know,” Brandt said.

Huffman said people can try to avoid falling victim by acknowledging the limitations of a digital environment, and asking questions like: Does it make sense for this person to reach out to me? Does this person behave in a trustworthy manner? Does this person have the authority or position of power to give these directions? Does this person truly understand the topic we’re discussing?

Social engineering attacks happen constantly, to huge corporations as well as everyday people. Knowing that our good-natured traits can be our greatest weakness when faced with this variety of bad actors, it can be tempting to stop being nice altogether for safety's sake. The key is balancing our social instincts with healthy skepticism. “You can be helpful," said Huffman, "but be cautious.”

This article originally appeared on Engadget at https://www.engadget.com/how-social-engineering-takes-advantage-of-your-kindness-170043531.html?src=rss

https://www.engadget.com/how-social-engineering-takes-advantage-of-your-kindness-170043531.html?src=rss

Follow Us

Featured Posts

December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1011: The Year in Review – A Look at the Top Stories of 2024 This Week in Tech (Audio)

What's behind the tech industry's mass layoffs in 2024? : NPR Rabbit R1 AI Assistant: Price, Specs, Release Date | WIRED Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. Microsoft delays Recall after security concerns, and asks Windows Insiders for help The Qualcomm Snapdragon X Architecture Deep Dive: Getting To Know Oryon and Adreno X1 Elon Musk: First Human Receives Neuralink Brain Chip Apple hit with €1.8bn fine for breaking EU law over music streaming Bluesky emerges The hidden high cost of return-to-office mandates Apple's Car Was Doomed by Its Lofty Ambitions to Outdo Tesla SpaceX pulls off unprecedented feat, grabs descending rocket with mechanical arms U.S. versus Apple: A first reaction Google Says It Won't Force Gemini on Partners in Antitrust Remedy Proposal U.S. Accuses Chinese Hackers of Targeting Critical Infrastructure in America U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack AT&T says criminals stole phone records of 'nearly all' customers in new data breach National Public Data confirms breach exposing Social Security numbers Schools Want to Ban Phones. Parents Say No. New York passes legislation that would ban 'addictive' social media algorithms for kids GPT-4o (omni) + new "Her"-style AI assistant (it's nuts) Google emissions jump nearly 50% over five years as AI use surges Trump proposes strategic national crypto stockpile at Bitcoin Conference Ten additional US states join DOJ antitrust lawsuit looking to break up Live Nation and TicketmasterThe Internet Archive just lost its appeal over ebook lending Hezbollah Pagers Explode in Apparent Attack Across Lebanon OpenAI raises $6.6 billion in largest VC round ever Painting by A.I.-Powered Robot Sells for $1.1 Million Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Infowars Sale to The Onion Rejected by Federal Bankruptcy Judge Supreme Court agrees to hear challenge to TikTok ban So You Want to Solve the NJ Drone Mystery? Our Expert Has Some Ideas Beeper's push for iMessage on Android is really over The Quiet Death of Ello's Big Dreams Japan finally ends mandatory form submission on floppy disks We'll Miss You: Pioneering instant messaging program ICQ is finally shutting down after nearly 30 years Spotify is going to break every Car Thing gadget it ever sold Game Informer to Shut Down After 33 Years In Memoriam Host: Leo Laporte Guests: Fr. Robert Ballecer, SJ, Richard Campbell, and Mikah Sargent Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: bitwarden.com/twit
  1. TWiT 1011: The Year in Review – A Look at the Top Stories of 2024
  2. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  3. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits
  4. TWiT 1008: Internet Legal – Australia's Social Media Ban for Kids, Smart Home Nightmare, Bluesky's Ascent
  5. TWiT 1007: All the Hotdogs in the World – China's "Salt Typhoon" Hack, Google on the Chopping Block, Recall AI