In today’s world, virtual life has more impact on us than real life. Virtual life is life seen through the lens of technology; real life is the one we actually live in. Smartphones, tablets and the iWatch have put the virtual world in our hands. Today social networking has become a vital and primary necessity of our lives. Social networking means building social networks or relationships among people who share the same interests, activities, backgrounds or real-life connections.
When we enter a jungle where ferocious animals may attack at any time, we take precautions. We are afraid, and we prepare enough to deal with the danger. In the same way, we should be alert when we enter this virtual world; otherwise we may face an attack at any time. No doubt social networking makes it easier to stay connected, but it also has a negative impact on our lives through social engineering.
Social engineering is a non-technical method of intrusion used by hackers that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the biggest threats that organisations encounter today.
Social engineering is based on online attack. The target could be a person or an organisation. The attacker researches the target by searching the victim’s name in a search engine or on social network sites such as Facebook, Twitter or LinkedIn, digging out as much information as possible.
Why social engineering succeeds in its goal: We post too much information on social networks. We humans tend to trust people, we add strangers to our social networks, and we tend to click on unnecessary pop-ups. Out of carelessness, or to make our lives easier, we save passwords on our mobile phones or tablets. There are usually two types of social engineering: human based and technology based.
Human Based:
Human-based social engineering relies on person-to-person interaction to achieve the attacker’s intentions. These attackers play on human psychology and win the victim’s confidence by building trust or fear. This way we tend to give away vital information, such as our name, date of birth, address and parents’ details, without even verifying to whom we are giving it.
This information is vital for claiming other people’s property and for many other illegal activities.
Technology Based:
Technology-based social engineering is a category of security attack in which one manipulates others into revealing information that can be used to steal data, access to systems, cellular phones, money or even your identity through different malicious programs or software. The common ones we face come through pop-up windows, spam emails and instant chat messengers.
Reality on Business:
Online banking has become very popular and widely accepted all over the world because of the facilities it offers. Almost every renowned company has a website and access to online banking. Online banking is also a great opportunity for hackers: they are always looking to access company accounts, and if they succeed it can cause a great loss of reputation and goodwill, which can erode a company’s base in the long run. Not only banks but also other financial institutions are among the major targets of hackers. As prevention, companies spend huge amounts every year on countering technological threats, but in reality it takes only one internal staff member for the company’s security to be compromised.
In an interview, Kevin Mitnick (famous hacker) said, “What I found personally to be true was that it is easier to manipulate people rather than technology. Most of the time organizations overlook that human element (staff).”
How can we defeat social engineering attacks:
The best defense against social engineering fraud is raising awareness and understanding in this generation through education and training.
The following steps should be able to reduce the probability of social engineering attacks.
Passwords are very important. Never use the same password for every site or social network, for example email, Facebook or Twitter. Make sure your passwords are long and complex so that they are difficult for hackers to break.
Limit your personal information. Do not post information that you are uncomfortable sharing, such as your address or other details, your schedule or routine, and your photos and status. Remember that your friends and family are not the only ones watching you; there are crackers or hackers who could misuse your identity and information.
The internet is a public resource, so post only information that you are comfortable with anyone seeing. This includes your profile information, photos and videos on any blog or forum. Once you post something it is hard to delete, even if you wish to: it may be deleted from your system, but a saved or cached version may remain in search engines or on someone else’s system.
Frequent monitoring of accounts and personal data is necessary. Check your account balances and credit score regularly.
Enable two-factor authentication wherever possible.
Be careful about unknown people. We should not add strangers on social sites.
Email response habits: we should be wary of spam, advertisements and all sorts of unknown mail, and we should be careful when checking such messages so that nothing malicious gets downloaded to the computer.
Do not write down the passwords for your email or ATM cards anywhere, such as in your diary or on your phone.
Consider using strong passwords: protect your account by twisting your passwords. Some best practices: don’t use passwords that are based on personal information, don’t use words that exist in the dictionary, and try to use passwords that mix words, numbers, or words from any other language that you are comfortable with.
To find out the strength of your password, you can check it for free with the Microsoft Password Strength Checker or the Geekwisdom password strength meter.
For Staff:
Email: If the sender is unknown and the email subject is not business relevant, delete the email immediately to prevent malware from being downloaded to your computer.
Call center: If someone calls in and asks for information, don’t presume they have a right to know. First verify who is calling and the reason they need the information.
On-line chat: Informal communication tools often create the appearance of a closer relationship than actually exists. We should not be fooled into sharing information with a so-called friend.
Paper: Don’t leave sensitive information lying around, and ideally print sensitive information only if you can retrieve it immediately from the printer. If your printout is not there, don’t just print another; be suspicious. If you are discarding confidential records, sensitive memos or reports, make sure they are shredded rather than left in the garbage.
In the real world we always look out for our safety in every possible way. If we concentrate and are more attentive in the virtual world, we can keep ourselves away from these social engineering traps. Today we believe in our virtual life more than our real life; websites, social networks and net surfing have become very important for all of us. To protect ourselves we just need to be more attentive to our passwords, emails and spam, to signing in and out of any device, and to frequently checking our accounts if we use online banking or shopping. It is never possible to prevent social engineering attacks 100 per cent, but if we are conscious and suspicious we can save ourselves from being easily trapped in the virtual world.
The writer is presently working at The Premier Bank Ltd IT division.
Editor : M. Shamsur Rahman
Published by the Editor on behalf of Independent Publications Limited at Media Printers, 446/H, Tejgaon I/A, Dhaka-1215.
Editorial, News & Commercial Offices : Beximco Media Complex, 149-150 Tejgaon I/A, Dhaka-1208, Bangladesh. GPO Box No. 934, Dhaka-1000.