Norton UK Blog
How social engineering is used to install spyware
The notion of someone taking over your computer and watching you through your webcam may sound like something from James Bond but hackers are already using this technology. Spyware is a serious threat and victims are often unaware that they’re being spied on.
There may be commercially available versions of this technology but it’s the illegal spyware that you should be worried about. Cyber-criminals are constantly updating their spying software but the real trick is getting you to download or install malicious software.
Technology may have advanced but human beings remain the simplest thing to hack. Social engineering is an obvious way to exploit people’s poor decision-making and hackers often use it to get past their victims’ first line of defence.
What is spyware?
As the name suggests, this form of malware gives a hacker access to your device and allows them to spy on your activity. Different types of spyware can collect your personal information, access your files, track your browsing activities or give a hacker direct access to your computer’s functions.
Spyware is generally installed on a computer without the user’s knowledge. It can be installed by accident or you can be tricked into downloading the malware by a clever hacker. It can also arrive as a drive-by download, which means that an infected website installs it without you having to take any action.
Spyware comes in all shapes and sizes. Key-logging spyware can record all your keystrokes and send this information to the hacker. This can give them access to any account that you log into and lets them track your every move on your computer. Some forms of mobile spyware can intercept your messages, calls or texts.
Identity theft is also a risk when hackers have access to sufficient confidential information. Spyware can also hijack your computer or mobile device’s camera, allowing hackers to see inside your house and watch you as you go about your day. A hacker could be watching or live-streaming the view from your webcam without your knowledge, which is pretty creepy.
How does social engineering work?
Social engineering describes the process of tricking people into taking an action or unwittingly disclosing private information. Some forms of cyber-crime are all about the software but social engineering uses psychology to manipulate people into lowering their defences.
Baiting is a form of social engineering that exploits people’s natural curiosity. Hackers leave an infected USB stick where someone could easily find it. Victims find the stick, put it into their computer to check it, and that’s when they infect themselves with spyware. Clever, huh?
Spyware piggybacking on freeware or on other illegal downloads is also a problem. A victim’s free movie or music could end up being very costly indeed. They might not even realise that they have installed the spyware themselves, because this method exploits people’s desire to get something for nothing.
Some illegal download sites ask you to download infected software to use the site – this forces people to choose between taking sensible precautions and risking it for a freebie. Not everyone makes the right choice!
Phishing is a classic attack that involves sending out emails that claim to be from your bank, a service provider or another legitimate source. They can contain links that take you to infected websites and expose you to drive-by downloads. Or they try to get you to download spyware by clicking a verify button or by downloading an attachment.
These may seem like obvious cons. The key is telling a story that gets under a potential victim’s skin, whether that’s about their bank account being frozen, an email from a friend in need or the promise of money or a free prize. Phishing often uses high-pressure scenarios to force people to make quick decisions out of fear or concern.
Spyware is one of the most insidious forms of cyber-attack but there are ways to avoid it. Knowing how social engineering works is the best way to avoid falling for classic scams – as well as being a useful tool for keeping your private information private for longer.