In the computer security world, “social engineering” is the process of tricking a person into giving up a password or other important piece of data. It is typically done by e-mail (or other electronic message, like Facebook) or by phone: the person on the other end will pretend to be your IT help desk, your bank, some kind of investigator, or some other person you might trust with the data. (When done by e-mail, this is more specifically known as “phishing.”)
There’s almost never a time when it’s necessary to give a password other than in a password form. Your bank will never ask for it, and neither will any non-lazy corporate IT department. If you must give it over the phone, make sure you initiated the call so that you at least know the person on the other end is who they say they are. If you’re clicking a link in an e-mail and it asks you to give a password, make sure that the address bar at the top of the window starts with the domain name you’d expect. If you think you clicked on a link from Chase Bank but see “http://chasebank.myfreehosting.com/login.php” in the address bar, chances are your bank account will shortly be empty if you type in your password.
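The address-bar check described above can be written down as code. This is an added example, not part of the original post: it pulls the host name out of a link and accepts it only if it is the expected domain or a subdomain of it. It assumes `chase.com` is the bank's real domain, and every sample link except the one quoted in the post is constructed.

```python
from urllib.parse import urlsplit


def host_of(url):
    """Return the lower-cased host the browser would actually connect to."""
    # .hostname drops any "user@" prefix and any ":port" suffix
    host = urlsplit(url).hostname
    return host.rstrip(".").lower() if host else None


def is_expected_site(url, expected_domain):
    """True only if the URL's host is expected_domain or a subdomain of it."""
    host = host_of(url)
    if host is None:  # no scheme or no host: nothing to trust
        return False
    expected = expected_domain.rstrip(".").lower()
    # The dot in the suffix test matters: it keeps "notchase.com" from
    # passing as "chase.com".
    return host == expected or host.endswith("." + expected)


# Sample links. Only the first comes from the post; the rest are constructed.
SAMPLES = [
    "http://chasebank.myfreehosting.com/login.php",    # from the post
    "https://www.chase.com/login",                     # assumed real domain
    "https://chase.com.account-verify.example/login",  # expected name as a prefix
    "https://www.chase.com@login.example/",            # expected name before "@"
    "https://notchase.com/login",                      # expected name as a substring
]


def classify(urls, expected_domain):
    """Pair each URL with the result of the domain check."""
    return [(u, is_expected_site(u, expected_domain)) for u in urls]


if __name__ == "__main__":
    for url, ok in classify(SAMPLES, "chase.com"):
        print("OK      " if ok else "MISMATCH", host_of(url), "<-", url)
```

The part of the host name that counts is its right-hand end, just before the first single slash; anything to the left of it is chosen by whoever owns that domain.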
This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you,” against which these posts will not help. Rather, this series will help you to opt out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.
Hi, I read your blogs regularly. Your story-telling style is awesome, keep it up!