High-profile hacks have two ingredients: technical skills and social engineering.
Social engineering is the manipulation of the human psychology, and hackers manipulate their targets’ emotions and thought process to invade their privacy.
Human error is the leading cause of data incidents and causes 58% of security breaches.
Social Engineers are equal to a human hacker, and can predict common responses and reactions. Hackers are aware of common online habits such as reusing passwords for many accounts. Below are human emotions that hackers manipulate to gain access to your private information.
Many people will hand over their private information or download a virus out of fear or stress. A common hacker tool is phishing emails, which trick people into handing over confidential information. These emails imitate emails sent from banks or the IRS, and state an urgent need for the individual’s bank account number and password to protect an invaded account.
Excitement / Naivety
Baiting is a hacking tactic that plays off of excitement / naivety and promises people an item if they download or click a link. Hundreds of people have interacted with emails, social media messages or online ads that promised discounted items, free trips and free content. If an offer is too good to be true and requires any personal information, it’s most likely a scam.
Some people download malware or yield their password out of curiosity. In 2006, the company Secure Network Technologies, dropped dozens of malware infected USBs in an organization’s parking lot to test the power of curiosity. Many employees picked up the USBs and plugged them into their computers. In the process, a key logger was activated and stole employee login credentials.
Hackers target these common human emotions and different types of social engineering scams to gain access to people’s private data. If you get calls from unknown numbers or people asking for your information, take caution. Do not readily give out your information and ask for their full information. Don’t act before you authenticate.