The quest for development of a sound digital economy has been on the upswing in the past decade. Businesses can no longer rely on traditional physical locations, newspapers or organized events to connect with their customers. A proper online presence is essential for any business. A typical genesis of a digital ID is a website with most asking the visitors to provide personal details like name and email addresses for feedback. Some might even ask for a phone number.
While this might seem like an honest business-related request, there are people who exist solely for the purpose of exploiting this need to connect to the online arena. The use of social networking sites like Facebook, Instagram, LinkedIn and personal to express oneself as well as share experiences have taken away the hustle of having to meet someone physically in order to know what they are about. The allure to divulge personal details is very high, especially with ‘live’ features that allow one to stream their activities online. Some of these ‘live’ sessions give away location and time the person was recording.
Social engineering is the art of mimicking a person’s online persona and impersonating them. In the 90s, one had to follow people physically and sometimes actually interact with them to know what they are about. The advanced ones of the time made calls using persuasive and flattering and persuasive language to get information. The popularity of social media has taken away so many loopholes as people are willingly creating personal profiles, accompanied by photos that show their lifestyles to the online community. A simple password hack can give a stranger to your online community where they can tarnish your reputation, or solicit money, among other things.
Gathering digital data is not that hard or time-consuming as compared to the previous methods. Studying individual digital footprints provides insights on what a person likes and how they would react on certain issues. Outright criminals have a tendency of monitoring how online stores bill their clients. They in turn hack data banks, gain access to confidential financial information that they use without the owner’s permission. Once the long arm of the law catches up with these activities, the unsuspecting victim is left to take the blame. On one hand, they might copy the ID of an online user and use it. On the other, they might get the credit details and rack up a bill that the owner only notices when they get the statement.
Social engineering is not just an adult problem. Children and young adults are the most vulnerable. At a time when self-identity issues creep in and the need for self-validation is high. A lot of what is posted online is not reflective of what one is going through. Rather it is a life desired. Social engineers ply on such factors to gain trust. A simple invitation to chat with an online companion turns into a highly crafted interview where over time, the victim gives up information on passwords or sensitive knowledge that can be used against them.
Others might send a link via email or an item to download. Use of catchy titles or compelling messages such as medical appeals, emergency or donations to funds that seem to be a worthy cause is quite common. If sent to an organization, this can spell doom to some of the company’s sensitive data. In late 2017, media personality Njambi Koikai who is battling thoracic endometriosis was holding an online fundraiser. An imposter attempted to ride on her predicament by posting a parallel message but offered a different mode of assistance that channeled funds away from her. Another scenario involved a number of social media personalities having people create pseudo accounts where they copy the online personalities but with sinister motives. The main targets for such are people who wield a lot of influence.
The world is increasingly becoming a global village. Many people will want to benefit from the success of others without using proper means. It is paramount that people take measures in protecting themselves from social engineering. There are steps one can take but the reality of personal responsibility in cyber attacks cannot be ignored. A lot of digital intelligence needs to be exercised.