Posted on January 17, 2023 in Technology

Social Engineering as a Hacking Tool

You may have heard by now that LastPass suffered a pretty big breach, although thankfully no user passwords were outright compromised (you should still enable 2FA on anything LastPass touched though – the URLs of the websites were lost in the breach so hackers could attempt to brute-force into an account they know you’ve visited).

The attack in question wasn’t a hack in the traditional sense, but a social engineering attack. The hacker(s) created a fake account in order to fool a developer into sharing credentials, at which point they stole data from the development environment to use later in a large-scale attack.

Change your passwords and enable 2FA wherever you can – if you’ve been using LastPass’s recommended 8 character long passwords, or anything that’s not truly random, you should upgrade your password to a longer one. 8-character passwords are no longer an impenetrable wall like they used to be, so longer, more random passwords or even passphrases that are multiple words long are better!

Remember: don’t listen to accounts claiming to be people you know if you don’t recognize the email address, and always check the address carefully for spelling mistakes. It does not matter if they know your name or if their email tag says ‘mom’ – both of these things are easy to make happen. Social engineering attacks include phishing attacks, so following the protocols for phishing can help avoid social engineering breaches as well. If someone calls you and demands you take immediate action, either by threatening or promising a gift that will disappear if you don’t respond ASAP, remember to pause a minute to really think about what they’re asking for, and verify thoroughly.

Similarly, if your work uses badges to control who enters the building, you shouldn’t hold the door open for people you don’t recognize as coworkers – this is known as ‘piggybacking’ and it takes advantage of the fact that most people want to be polite and will hold the door.

This is far from a comprehensive list, so always keep your eyes peeled – identity theft and social engineering can come from any direction!