According to a new report from the IT news site Sys-Con, more hackers are now engaging in a practice they call "social engineering," which involves calling an individual or business for the purposes of probing for detailed information about their computers. Often, they will pose as an IT professional from a company that someone may have called seeking help, such as Dell Computers.
These criminals will try to hurry details out of a targeted person - such as a computer's operating system and the web browsers it uses, as well as when they last ran a security update and the type of antivirus programs they have - the report said. Typically, they say this information is needed to close a security hole that the potential victim didn't know about.
The report said that hackers want to maximize three things to be successful: vulnerability, exploitation and maintenance of access. By gaining all of the above information, they were able to learn exactly which security deficiencies they can exploit, particularly those in the web browser and antivirus software. By learning when the last time a security update was run, they can also learn how best to exploit those vulnerabilities and, if the system gets updated regularly, how long they have to hack into a computer and mine data. The report said that it's "very easy" to find and package ways to exploit a system once all this data is known.
These techniques require less actual technical know-how, so any would-be hackers that might have had insufficient skills to successfully get into a computer can now perhaps gain greater access to a targeted computer. In fact, at a hacker convention earlier this year, 80 of these criminals made a game of calling 10 companies and getting data they could use for a future breach. All of the victims failed to adequately protect themselves.
Consumers should never give out details about themselves or their computers to someone who calls to request such information, no matter what they say their qualifications are. Reputable businesses would likely never engage in such practices.