A good deed done? Or....
Imagine that you're at the office and a call comes in from a familiar charitable organization that's raising money to fight a disease that has affected your family. There's a walkathon happening, they explain, and a prize drawing for donations. You express your interest and are pleased to hear that the prizes include tickets to your favorite musical group. The caller offers to send you some more information on the event and you agree. A PDF arrives several minutes later with the date and time for the walkathon, as well as more details on parking for the event and how the money will be used.
An opportunity to help a cause near to your heart? Or....
Both of these scenarios are actually examples of social engineering, the relational aspect of hacking in which the criminal relies more on human nature for their attack than on cracking a password or penetrating a firewall. Perhaps while reading this you recognized the con right away, but place yourself for a minute in these situations and think about what you might have done.
The good deed was actually just a way for the criminal to open up a malicious PDF - via their email - that would infect your laptop and allow them to gain access to your data. The "charitable organization" was actually a criminal posing as a volunteer. He had learned personal information about you from Facebook and other social media (including details such as the disease which had affected your family and your taste in music) and used it to make you more interested in supporting the walkathon. The PDF with the event details was really just a virus that you willingly opened in your own email.
Devious, isn't it? But hackers know that often the weakest link in a family's or organization's Internet security is the people, not the firewalls and security systems. The people.
So let's not be one of those people. For more information on social engineering and helpful tips for protecting yourself, check out the following sites and articles: