

What do hackers know about you? The world of social engineering

We have all seen movies where hackers save the day or threaten the world with their supreme computer skills. From the early days of Matthew Broderick in WarGames to 90s Angelina Jolie in Hackers and Ving Rhames in the Mission: Impossible franchise, they have been a staple in cinema for decades. But what is fact and what is fiction? What do hackers really know about you? Our Head of Computer Science, Dr Paul Sant, shares his insights below.

By Cara Fielder. Published 26 January 2024.

Social Media

To cut to the point, everything you have put on social media, hackers can know.

Just think:

  • How many of you have a Meta (Facebook, Instagram) profile?
  • How many of you make your birthday, phone number and email address available from your profile page?
  • Have you set your profile page so that only your ‘friends’ can see it, or can anyone see it?
  • How many ‘friends’ are you connected to?
  • How many of you play the quizzes and games?

All the above give hackers an opportunity to access your information. Whenever you are starting an online profile, stop and ask yourself: ‘Why are they asking for these details?’

Next, you are probably wondering how they get this information...

Social engineering

Social engineering is the process by which an adversary (a human or a computer) manipulates a victim (typically a human) into sharing information about themselves that they would not ordinarily share. This can be done in person, over the phone or via the internet.

Have you received one of those calls from someone pretending to be from a bank you don’t have an account with? They are trying to socially engineer banking details from you. Scams rely heavily on this tactic.

Why is social engineering so successful?

Whether we want to admit it or not, humans are the weakest link when it comes to cybersecurity. People lose information, throw it away, overshare and leave computers unattended. We are the reason social engineering is so effective.

Types of social engineering include:

  • Phishing (Spam, Spear, Angler) - fraudulent solicitation in email or on a website, often pretending to be a bank
  • Baiting - promises an item, commodity, or reward to attract victims, then infects their systems with malware to steal sensitive information
  • Scareware - malware attack that claims to have detected a virus or other issue and directs the user to download or buy malicious software to resolve the problem
  • Domain Name System (DNS) spoofing - a user is forced to navigate to a fake website disguised to look like a real one, to steal website traffic or user details.

There are four main reasons people carry out these social engineering scams:

  • To extort money
  • To steal information to duplicate or use to upset the victim
  • Identity theft for financial gain
  • To cause disruption and to prove it can be done.

How can you protect yourself against hackers?

There are several ways you can minimise the possibility of hackers getting their mitts on your information and your accounts.

  • Don’t share so much (online or in person - especially after a few cocktails)
  • Think twice before giving out any personal information
  • Think about who can ‘see’ information you post on social media
  • Protect yourself by checking your privacy settings
  • Report anything suspicious to the provider, internet service provider or the police
  • Practise good ‘cyber hygiene’.

When it comes to social engineering, stay suspicious. If you have any doubts, ask for proof of identity or contact the company or individual involved in a different way. For example, if that banking email looks suspicious, contact your bank directly and ask for information that way.

 
