Cybersecurity Challenges in Social Media Erdal Ozkaya
Yüklə 1,17 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- 3.3.5 Persuasion
| 3.3.4
Mind tricks The whole social engineering attack is based on mind tricks, so this is a step that is used in many of the other parts of the social engineering attack framework. This part of the social engineering attack involves the use of specially crafted tricks to alter the thought patterns of victims. Mind tricks are used to some degree in many other areas in life, such as in sales, to make product prices appear less costly and in interrogation rooms to make suspects take a plea. Mind tricks are more of a psychological affair and they are used to unlock the minds of the targets exposing them to the control of the social engineer. An excellent social engineer is a good mind reader and this is achieved by mastering a number of mind tricks. 3.3.5 Persuasion Just like mind tricks, persuasion is a cross-cutting topic in the whole of the social engineering process and, thus, cannot be constrained to a certain step. So as to persuade a target, a social engineer needs to appeal to the target’s interests first (Bullée et al., 2015). Persuasion gets targets to react, think and do exactly as the social engineer wants. Persuasion leads to unquestionable influence in the minds of the targets. So that the attack is successful, 49 social engineers perfect their persuasion skills. They make sure that the influence they have on the targets is undetectable but far-reaching. 3.4 Social engineering through social media One of the key enablers of social engineering is social media. Attackers would have been starved of information about targets if it were not for social media platforms. A lot of information gathering for a social engineering attack is done on social media. Social media platforms, ever since their creation, have encouraged users to share every tiny detail about themselves (Kim, 2014). A platform such as LinkedIn encourages users to share information about their professional lives. They post their educational history, the organizations they have worked with, the titles they had, and a description of duties for all these titles. Facebook, on the other hand, encourages users to share information about their entire lives, their daily activities, the schools they have gone to, the workplaces they have been at, their spouses, and so much more. Instagram wants users to keep uploading pictures of wherever they are just to tell their followers what they are up to. The list of social media platforms and what they encourage users to do is long. Social media companies understand that they rely entirely on the content that users generate and, therefore, want them to keep sharing information, no matter how risky it has become to do so. Social engineers are among the beneficiaries of the binge-sharing of personal information by users (Algarni, Xu, and Chan, 2017). The users are helping social engineers to learn how to best attack them. It is no longer a hustle to get details about a target; social engineers are just hopping onto the target's social media accounts to get flourished with extensive details about the target (Edwards, 2017). The only way users can stop this is by limiting the people that can view their data. Fortunately, the users are so lazy that they do not want to go to the settings given to them by their platforms to limit their audience. 50 Another way that social engineering is being conducted through engineering is through direct attacks to the users. It is unbelievably easy for a social engineer to create a fake or a cloned social media profile (Mouton et al., 2015). Social engineers are using these fake or cloned accounts to get users to do them some favors such as giving out some information or lending them some money (Bakhshi, Papadaki, and Furnell, 2009). Other attackers are using these profiles to issue threats or commands to users and giving them ultimatums to have some information or some money sent. There is also another group of social engineers that uses social media to send malicious links to users. They come up with the most enticing reasons to get users to click on these links. There are those that claim to be giving out free money, others claim to have a system that can generate likes and followers, and others are even offering ridiculous opportunities with an unbelievable pay (Snyder, 2015). Anything that can capture the interest and attention of a user is being used. Social media has become one of the largest vehicles for social engineering. Every fair-minded person can turn to be anyone on social media. Users on social media are not so keen, and therefore it is easy for them to fall victim of cheap scams, requests from fake accounts, and threats. Yüklə 1,17 Mb. Dostları ilə paylaş:
|