The term hacking can be misinterpreted quite easily. In the end it’s almost always a way to circumvent a restriction (usually technical) through the application of obscure knowledge or by the exploitation of unexpected behaviours of a system. Combined with social engineering and manipulating the human part of a system, the possibilities are almost endless.
WhatsApp Fraud, a Common Example of Social Hacking
In Western Europe the most written-about example of social hacking of consumers at the moment is WhatsApp fraud. These attacks started off quite basic, with WhatsApp messages coming from an unknown number claiming to be someone’s daughter or son. After just a couple of messages this person would ask for money under the guise of needing to purchase a new laptop to replace a broken one. Nowadays, the attackers have become more intelligent, calling the real children first, recording their voices and playing them back to the actual parents to trick them into doing what the attacker wants. The databases with leads containing these telephone numbers, addresses and social security numbers can be easily found on the dark web. Data can be filtered according to age category and available family relations.
Act Quickly, Avoid Corporate Ransom
The biggest risk for companies today is a ransomware attack. This is often accomplished by some form of social hack, for example a phishing email, which breaks through the first layer of security. Estimates show that over 90% of companies pay the attackers to decrypt their data. With average ransom payments now over $150,000, this has rapidly grown into a big and lucrative kind of business. It is imperative to respond swiftly and get the appropriate help as soon as such an attack is discovered.
Preventing Social Hacking
Besides the obvious advice not to store data you don’t need, to compartmentalise access to data in the first place and to develop business processes with a separation of duties, lots of these attacks can be prevented when the end user has knowledge about these kinds of attacks. The answer for companies is to keep educating users about these events and to share lessons learned after a system has been compromised. Social hacking is a phenomenon of all ages, as the example of the Spanish Prisoner con from the 19th century shows. The trick itself hasn’t changed much, but it is obviously here to stay, and the techniques used are evolving quickly.