How Black Hat Hackers Use Social Engineering to Steal Personal Details

Alfred is a long-time teacher and computer enthusiast who works with and troubleshoots a wide range of computing devices.

'Black hat' hacker?

Computer hackers love social engineering because of the ease with which it can be done. Using popular online social platforms like email, Facebook and Twitter, black hat hackers save themselves days of tiresome password and personal account hacking by simply asking you for these details via email, phone, and social apps, and sometimes actually succeeding!

Growing instances of cyber attacks on private and government agencies border on cyber terrorism.

The New York Times, Washington Post, Facebook, Twitter and Apple are just some of the companies to have been hit by black hat hackers in recent times.

The hackers do not seem to be sitting still, and are letting you know about the possible cyber trends in the coming years.

Execution of social engineering and other modes of attack is a reminder that grand cyber terrorism can be upon us at any time.

According to Mandiant, a US-based cyber security firm, clusters of sworn cyber hackers are housed and operate within a building in the suburbs of Shanghai in China. Overall, global attacks are reportedly coming from Eastern Europe and China.

Cyber wars continue to target individual users and corporations, and there is no telling how far the attacks can spiral out of hand.

Whereas individual attacks have revolved around acquiring private information and credit card details for theft and other motives, a growing number of threats are targeted at corporations and government agencies, for various speculative reasons.

It is, however, safe to argue that theft of tech and business secrets may be the issue at hand.

While these attacks seem ‘moderate’, scary future attacks may well be targeted towards crippling national infrastructure like water systems, electricity grids, street lights and financial institutions.

Such attacks can cause untold panic and economic meltdowns.

How Hackers Will Try to Access Your Computer

Whereas corporations and other institutions place the responsibility and duty of protection and cyber security in the hands of webmasters, system administrators, security software and firewalls, hackers always innovate and scout for ever-present weaknesses in systems and users.

Overall, cyber attacks take advantage of carelessness in users and hence employ phishing, malicious links and password scams.

Simply put, contemporary black hat hackers are interested in the small person like you, from where they can possibly reach the big guys. Their need to know more about you and their desire to get your financial details make you a target, and also the middle person.

If you own or use a mobile device or a computer at home, at a company or in government, you may just be the necessary link to the big fellow! Your communication with your family and workplace normally happens via email and social platforms.

Hackers know about the proliferation of social sites and your absolute love for them, and they know what to do with this weakness in you! Social sites and activities are 'social' as the word suggests, and almost all users treat social transactions rather casually!

Hackers also want to use your computer as a zombie in order to attack corporations and government agencies.

This way, they stay away from close scrutiny, and you will always be the first suspect in case your computer (zombie) is tracked down.

1. Social Engineering

Social engineering is basically the art of manipulating a person into breaking security procedures via social tools. Through the use of socially accepted interaction, a user is tricked into divulging information that should not have been let out.

Facebook is very much prone to app based scams

Social engineering hackers use popular social platforms like email, Facebook, Twitter, Google+ and Pinterest.

The love for social engineering is explained by the ease with which it can be done. Hackers save themselves days of tiresome procedures that are part of password and info hacking, and simply ask you for these details via mail and other social channels!

Human social activities border on stupidity, and that is why addiction to them makes us react with human faith when confronted with would-be scammers.

2. Phishing

Phishing basically involves the hacker sending a persuasive email to a victim, requiring him to respond as a matter of urgency.

The communication is usually explained as a verification process whose information will be used to straighten out business anomalies!

If done via mail, for example, it would appear to come from a legitimate business agency affiliated with a bank, requesting user names and other personal details!

While still using email, other phishing tactics also involve installation of tracking applications. A recipient will receive mail containing a file that can secretly install itself on the computer.

Upon installation, these applications, which mostly run in the background, will initiate remote backdoor communication with hackers.
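
The traits described above (urgency, a verification pretext, a request for user names and personal details, and a file that installs itself) can be checked mechanically before a message reaches a reader. The following is an added example, not part of the original article: the sample message, keyword lists and function names are constructed for illustration, and the Reply-To comparison is one extra check beyond what the article lists.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample message; every name and domain is a placeholder.
SAMPLE = """\
From: "Example Bank Security" <verify@examplebank-alerts.test>
Reply-To: collector@mailbox.test
Subject: Urgent: verify your account within 24 hours
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

We detected an anomaly. Reply immediately with your username and password
to complete the verification process.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.pdf.exe"

AAAA
--b1--
"""

# Hypothetical keyword lists for illustration; tune them for real mail.
CHECKS = {
    "urgency": re.compile(r"\b(urgent|immediately|within \d+ hours?)\b", re.I),
    "verification_pretext": re.compile(r"\b(verify|verification|anomal(y|ies))\b", re.I),
    "asks_for_credentials": re.compile(r"\b(user ?names?|passwords?|card number)\b", re.I),
}
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".lnk")

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    """Return the set of indicator names found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    text, found = msg.get("Subject", ""), set()
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            found.add("executable_attachment")    # file that could install itself
        elif part.get_content_type() == "text/plain":
            text += "\n" + part.get_payload()     # body text to scan
    found.update(k for k, rx in CHECKS.items() if rx.search(text))
    reply = domain(msg.get("Reply-To"))
    if reply and reply != domain(msg.get("From")):
        found.add("reply_to_mismatch")            # replies go somewhere else
    return found
```

Calling phishing_indicators(SAMPLE) flags all five indicators; a message that trips several at once is worth quarantining for review rather than delivering.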

3. Pretexting

Just like phishing, pretexting is another form of scam that can be used to get information from unsuspecting victims. Pretexting is commonly done via phone, and the hacker endears himself to the victim in order to gain his confidence before asking for personal details.

The hacker sometimes mimics a friend or business personality known to the victim.

After the victim has trusted the source of the call, he may subsequently release whatever information is asked of him!

4. Facebook and Other Social Network Scams

Facebook and other social networking websites are also used to peddle social engineering scams.

Attacks on users of Facebook and other social sites are done through apps, wall posts and friends.

A common technique involves apps from friends which invite you to try out ‘another’ app. You will be forewarned that the app will have access to a number of your Facebook activities. Whereas some of these apps do not mean harm, others actually want to monitor your activities for illegal reasons.

It is up to you to assess the risks involved and then deny or give permission. You could as well not install the app.

My Take

As a precautionary measure it is always smart to approach online and offline social activities with lots of caution. It won't hurt to know that black hat activities rule the internet, and hacker attention is focused on user behavior in social sites and other domestic social activities.

For starters, it is smart not to open attachments from sources that are not known to you, or unwarranted or irregular attachments.

For Facebook and Twitter users, avoid indiscriminate installation of apps, and where necessary avoid granting them exclusive permissions.

Be wary of irregular phone calls that request personal details. Exchange of these details should not be happening over the phone in the first place.

© 2013 Alfred Amuno