Social Engineering

Social engineering is a version of the classical confidence game. It is well known that the weakest link in computer security is often the person at the keyboard.

A social engineer takes advantage of the human tendency to trust, and may additionally take advantage of a user’s lack of understanding of the system they are working with.

Social engineering can happen on the phone, in person, over social networks, email, and even over IRC, and the objective can range from simple “griefing”, to theft of personal information, and even financial crimes.

The Bad - Trolls

Trolls may use social engineering techniques to try to convince others to run commands which will disconnect them or otherwise disrupt their use and enjoyment - for example, telling a user that pressing Alt+F4 will give them ops in a channel, when in reality, it’s a command to close the current program.

The Ugly - Phishing

A more serious attack might be aimed at control of your computer - once obtained, an attacker can install malicious programs to spy on your activities, gather passwords, and potentially gain access to your other accounts - even your bank account if you use online banking.

Once you’ve unwittingly invited them into your computer, they have a foothold and will proceed to install software to mask their presence on your system while gathering up your information. Such malware may evade detection even by current, up-to-date antivirus programs if it is not widely circulated and is used only by the attacker.

And everything in between.

The same tactics are also used for channel takeovers, and to give attackers a launchpad to attack other systems or a place to store files for illicit distribution. Even if you have nothing to protect, you might be providing a springboard from which other attacks are launched.

Protecting yourself