Social engineering is mostly the preliminary step cyber criminals use to get hold of confidential information. It is the human element behind the majority of cyber attacks, as it is often unpredictable. Social engineering is an approach to gaining access to information through misrepresentation. It is the conscious manipulation of people to obtain information without the victim realising that a security breach is occurring. It may take the form of impersonation over the telephone, in person or through email. Some emails entice the recipient into opening an attachment that activates a virus or malicious program on the victim's computer. At its simplest, social engineering means manipulating someone to do something you want, or give you information you want, often without the person considering the negative consequences of the action. Nowadays more women are connected to and interact with technology, whether they want to or not, and many new internet users are not security-aware. This makes women easier to target in the digital world. A social engineer approaches women through various means to get sensitive, confidential information.
How social engineers target women
Public Places
Social engineering can take place in public places such as cafes, pubs and movie theatres, or through various social media platforms. You may casually give some sensitive information to a social engineer, or someone may overhear your conversation and get the information that way.
Avoid careless talk in public places.
Gossip
Your casual talk over a cup of coffee with a friend at a coffee shop or at your office can lead to the disclosure of sensitive information about you or about others. For instance, when you talk about one person to another for fun, you may end up giving some information about that person to a listener who might be a social engineer. In the current cyberspace scenario, any such casual talk can lead to cyber threats.
Gossiping is not right; you may end up helping a social engineer extract details about your enemy or friend. Never gossip with strangers.
Personal Pride or Confidence
You may give away sensitive information about your family or organization to unknown persons while boasting about your achievements, pride and confidence. A social engineer may come to your organization to present his business needs and may ask for sensitive network information. If you are a network admin, you need to be very cautious before revealing any network-related information about your organisation.
Be alert while discussing sensitive information about your organisation and your personal data with strangers.
Online
Social engineers may obtain information online by pretending to be the network administrator, sending e-mail through the network and asking, indirectly, for a user's password or other sensitive information. The basic goals of social engineering are the same as those of hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion or identity theft, or simply to disrupt the system and network.
Never share your password.
Vishing
Vishing is a method of social engineering carried out over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and "phishing".
Don't give any financial information to unknown people over the phone; confirm the details of the inquirer you are speaking to and cross-check with the concerned company or bank before giving any information.
Phishing
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data or other information. Attackers have become more sophisticated, and so have their phishing e-mail messages and pop-up windows. These often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites.
If you think you have received a phishing email message, do not respond to it, and do not click on links received from unknown users.
Baiting
Baiting is a method of social engineering that uses physical media and relies on the curiosity or greed of the victim. The attacker leaves a malware-infected USB or pen drive or CD/DVD-ROM in a location where it is sure to be found, gives it a legitimate-looking appearance to arouse the victim's curiosity, and waits for the victim to use the device.
Don't be tempted to access devices that are left unattended or found on a sidewalk, in an elevator, in a parking lot, etc.
Persuasion
Persuasion means influencing someone to give you confidential information, either by convincing them that you are someone who can be trusted or by just asking for it. A social engineer may ask for your identity card to learn about your personal information, your school, your organization, etc.
Be suspicious: don't be influenced by attractive offers, and don't give away confidential information.
Dumpster diving
Dumpster diving, also known as trashing, is another popular method of social engineering. A huge amount of information can be collected from company dumpsters or household waste.
Don't dump any confidential papers into the trash; before dumping anything, make sure it contains no important information.
Hoaxing
A hoax is an attempt to trick people into believing that something false is real. It is usually aimed at a single victim and is made for illicit financial or material gain; a hoax is often perpetrated as a practical joke, to cause embarrassment.
Beware: don't believe e-mails received from unknown senders, and never give out financial information.
Pre-texting
Pre-texting is the act of creating and using an imaginary scenario to engage a targeted victim in a manner that increases the chance the victim will reveal information or perform actions that would be unlikely in ordinary circumstances. It is more than a simple lie.
Be cautious, because strangers may try to fool you by creating a false situation and making you believe it in order to collect confidential information.