Social Engineering Gets More Um, Social: Facebook Security & Link Scanners
TopTenREVIEWS Internet Security Suites Software Review Article
By Taylor Thomas

Social engineering refers to any scam where the perpetrator tries to trick someone into sharing sensitive information by pretending to be someone (or something) they’re not. Social engineering computer threats have been around for years, and have taken on several forms, including baiting, phishing scams (and lesser known vishing and SMiShing), and rogue security software. Much has been said about these malicious attempts to steal credit card numbers, passwords or other sensitive information. Whether the threat is disguised as an email from your bank, a business opportunity from a foreign dignitary, or even a piece of internet security software, the real objective is to socially manipulate you into giving up your private information.

Famous hacker Kevin Mitnick has acknowledged that social engineering takes advantage of the human element to trick you into giving attackers what they want, which often proves more effective (and easier) than trying to break into the system.

This “humans are easier to break than computers” method continues to prove successful for hackers and identity thieves, and is arguably becoming more convincing. With the increasing propensity of web users to “overshare” anything and everything on social networks and click on any link without much forethought, social engineers are discovering new ways to exploit the human hardware.

2010 has seen all sorts of security exploits targeting Facebook and other social networks. Furthermore, SEO poisoning seems to be sticking around. These two threats continue to work so effectively because people trust their friends and have a (probably unwarranted) trust in search engines.

SEO Poisoning

Search engine optimization (SEO) is the dynamic technique used to improve traffic and popularity on search engines. And while Google’s continually changing algorithms keep some would-be SEO alchemists at bay, there are still plenty of malicious websites that manage to make it into the top search results using a form of social engineering SEO. The common belief that everything on the first page of Google is safe is no longer viable.

SEO poisoning is also known as black hat SEO, spamdexing and link farming (though I prefer “SEO toxicology”). SEO poison experts find popular search terms (current or expected in the future) and socially engineer websites that will rank high in search engines on those terms. McAfee’s annual “Most Dangerous Celebrity in Cyberspace” report found pop culture’s riskiest celebrities of 2010, including Cameron Diaz, Julia Roberts, Jessica Biel, Gisele Bundchen and Brad Pitt. Noticeably missing from the top: President Obama and Justin Bieber (place any number of jokes here).

But SEO poisoning doesn’t just target the human interest in celebrities – it happens with any trending topic. Obviously there are plenty of malicious sites that attack under the guise of pornography, but there is also plenty of potential with seemingly safe terms. Some of the more popular SEO poisoned terms include:

  • Screensavers
  • Free games
  • Webkinz
  • iPhone
  • Twilight
  • Haiti earthquake
  • Work from home

And you can usually find a threat or two by searching for upcoming holidays, world events or news stories. It doesn’t take an SEO genius to predict that there will be tons of traffic in the future with searches for upcoming Olympics, presidential candidates, World Cup, etc. I personally will probably fall for any future internet threat that revolves around free Krispy Kreme doughnuts or a Steve Perry/Journey reunion concert tour.

The Antidote for SEO Poison: Link Scanners

The best defense from malicious online threats is internet security software, and the best internet security suites come complete with proactive protection from any malicious website. While McAfee has had a web security rating scanner for years, more and more security software companies are getting on board with their own link scanners. These practical web-browser add-ons provide insight into websites before you click on them. For the most part the link scanners work in real time as you surf and use search engines, flagging each search result with security ratings. The small color-coded security icons are actually pretty unobtrusive, and generally won’t slow down your browsing. For more information on link scanners, including McAfee SiteAdvisor, Trend Micro’s Trend Protect, Norton Safe Web and WOT (Web of Trust), see our article on website reputation rating tools.

Facebook Security

Facebook has had a number of internal privacy concerns, but many hackers and identity thieves are also using the successful social network to their advantage with new social engineering techniques. Some Facebook security threats are simply messages that pretend to be from Facebook, or from one of your friends. Who wouldn’t want to click on a link that says “see this video your friend caught of you this weekend” or “your friend has sent you this hilarious video”? Oh, you don’t have the right codec to view the movie? Chances are that the “codec” they suggest you download is a computer virus, hacking tool or other malware. But it’s easy to let your guard down when you’re dealing (supposedly) with friends and are already in the mode to socialize and share. So how do you avoid sharing too much with the wrong sources and prevent malicious links from popping up on your Facebook wall?

Expect to see more Facebook security apps in the future, but for now there are a few social networking security tools available that work quite well. McAfee has partnered with Facebook and has a Scan and Repair tool to take care of any phishing attacks that have hijacked your Facebook account. Norton has expanded their SafeWeb security ratings to work with links posted on Facebook. And BitDefender’s Facebook privacy app, BitDefender Safego, was just released in beta.

For now, search engines and social networks are far from bullet-proof, but there are useful tools and apps to significantly improve security. A good deal of common sense and practical caution can go a long way online, but with social engineering threats specifically designed to placate your better judgment, common sense may not be enough. But with a good combination of strong security software and safe internet practices, you can still surf, search and socialize safely.
