Social engineering is “the art and science of the psychological tricks to get the desired results from human beings and to make them comply accordingly for unauthorized operations.” It may seem innocent and harmless. It could be phishing email or website that asks for your account number and PIN. Or it could be a hacker posing as a phone engineer, asking for your voice mail password. Or it could even be someone posing as a marketer, asking simple survey questions, hoping to get your private information so he can sell it to call centers.
Unlike viruses and Windows vulnerabilities, there is no technical solution to social engineering attacks. No amount of patches, anti-virus tools, spyware blockers, or firewalls can prevent social engineering attacks. The best defense is consumer awareness and education, whether you are an ordinary consumer or a company that treasures the confidentiality of its data.
Do not presume that the person is who he says he is. If someone calls you and says he is from PLDT and is doing a routine check, do not assume that he is telling the truth. If you can’t positively verify his identity, then don’t transact or communicate with him. Just following this simple rule will secure you against many phishing attacks.
Do not unnecessarily volunteer information. Even if the information seems harmless, think of it as one more piece in the puzzle for identity thieves or hackers to launch an attack. Consider, for example, that most banks use your birthday and your mother’s maiden name as a means for secondary verification. Even giving away your home address, phone number, and email address can open yourself up to all sorts of intrusive telemarketers and spam mail. And don’t ever give your PIN or password away.
Protect sensitive information. Don’t write down your PIN or password. I know someone who wrote his ATM PIN on the back of their ATM card, and when he lost his wallet, he also lost all the cash in his bank account. Consider purchasing a shredder if you are particular about your personal information on paper documents. Get disk disposal tools that securely overwrite your hard disk. If you store private information on flash drives or other portable media, encrypt the data so that your information will not be compromised if you misplace the drive.