Social Engineering Content

by Prashant Ojha Software Trainer

What is Social Engineering

Social engineering is a method of misguiding users and getting their personal information such as email id, contact number, sometimes bank details and other personal details. It is directly related to phishing or hacking. The purpose of using Social Engineering is to collect personal details of users and use it for own benefits.

You can easily understand if someone has the access of user’s sensitive information, what kind of misuse they can do.

However, it is social engineering content also used for marketing purpose. For example, it might be used in marketing products and political campaigns. With this method advertisers get to know about people’s preferences and habits is gathered in advance. Then this information is used to encourage people for buying stuff, opt in for subscriptions or to vote for a particular person or political party.

Types of Social engineering content

As we know, social engineering is basically used to collect data of users. So it could be only two types. One is to collect data and misuse it and second one is to collect the data and use it for showing customized ads by understanding user behaviour and habits. Social media ads preference works on this algorithm. Whenever an advertiser creates an advertisement on social platform, they customize advertisement audience and for that they could either upload the existing data or choose between the provided options. Here people use data collected by social engineering content techniques and customize their audience.

However, social engineering content is generally known for fraud.

Types of social engineering attacks

Depending on the information, people who have the user data could perform actions according to their choice. Let’s have a look on one example below.

Example 1:

Back in 2013, the Associated Press Twitter account was taken over by the Syrian Electronic Army (SEA), which posted the above tweet. Within moments, the stock market dropped: the Dow Jones Industrial Average dropped 150 points as the tweet was re-tweeted, and the Standard & Poor’s 500 Index fell about 1%, briefly losing USD$136 billion in value before quickly rebounding.

They got the access of Associated Press Twitter account by a phishing email.

Example 2:

RSA SecurID breach

Adobe Flash and vulnerabilities go hand in hand, which is unfortunate for RSA’s SecurID. Back in 2011, RSA employees received two phishing emails, which would ultimately lead to SecurID’s two-factor authentication system being compromised – costing RSA $66 million.

RSA said in a blog post:

We can understand that social engineering content could create different impact on user or companies according to people who collect data by social engineering methods.

So far we have learned about types of social engineering, how it works and its impact. Now let’s move on to the SEO aspects of social engineering.

While using data collection forms on website or blogs sometimes we encounter the problem of webmaster errors which says “Social engineering Content Detected” on your website. It is not at all good for your website.

There are few steps which you need to follow in order to get rid of this problem. Here is how to get rid of Social engineering detected problem.

Check webmasters for security issues.

Whenever we get a warning or information message from google regarding social engineering content, we need to check the webmaster immediately to understand the problem.

· Go to : https://search.google.com/search-console/security-issues

· Select the property from top left menu

· Open the message

· Find out the deceptive content and try to remove it or make changes in it.

Next Step

Check for Third Party Resources on your website

Ensure that any ads, images, or other embedded third-party resources on your site's pages are not deceptive.

· Note that ad networks may rotate the ads shown on your site's pages. You therefore might need to refresh a page a few times before you're able to see any social engineering ads appear.

· Some ads may appear differently on mobile devices and desktop computers. You can use the URL Inspection tool to view your site in both mobile and desktop views.

· Follow the third-party service guidelines described below for any third-party services, such as payment services, that you use in your site.

For more information on steps, follow the google guidelines on Social Engineering (Phishing and Deceptive Sites)

Sources: Social Engineering Content