Critical thinking and social engineering

Nowadays it is no longer difficult to conduct background check on anyone, given the sheer amount of information available online and the tools that come in handy. One does not need to technically hack or gain unauthorized access to platforms in order to obtain sensitive information about a person. There are many ways to execute this and one of the more popular approaches is by the use of social engineering.

Social engineering in the context of information security is the art of gaining access to data, in whatever form it may come, by exploiting human psychology. We have seen this in some of the videos circulating on social media platforms; a woman pretending to be the account holder’s wife, only to be able to get through the bank’s system and ultimately change credit limit for fraudulent purposes and a new mother with seemingly a crying baby in the background rushing to terminate her supposed husband’s mobile account. We also know of people being interviewed on TV sharing how weak their passwords are and upon further prodding, could easily be tricked into answering questions like “what’s the name of your favorite dog” or “what is your mom’s maiden name,” not knowing that the same items of information could allow people to start creating the very same profile they have online and compromise their identity in the process.

There are also tools available online that can even help fast-track the identity check further. A couple of months ago we were completing the registry of our high school batch as part of our upcoming homecoming reunion. A few ladies were still not found, with one of them having only one piece of information: a Skype username.

Knowing the tool to use online and entering the same Skype username (the idea is that in all likelihood your
Skype username could very well be your Facebook username) yielded a couple of Facebook profiles, and just by identifying the same profile picture from Skype we were able to track the person. Another was contacted too because her home address was on the 10th page of Google results lying around waiting to be found! When you think about it, sometimes patience could also be the answer.

The idea that this can be done without any unauthorized access, or in no violation of any law, is both scary and beneficial at the same time. It obviously depends on why one needs to use this approach. It is scary because the sky is the limit on what can be done with that information and how easily your identity can be digitally cloned; it is beneficial in a sense that companies and even people can know more about you and your business prior to engaging with you. Bottom line is, we must be always cautious of the things we put online and what others share about us; consent has never been so essential until now.

In the same manner, critical thinking is the objective evaluation of an issue to form a judgment or conclusion. This is a very vital skill to develop in this day and age because this is where one can synthesize powerfully a situation given the information on hand. Since we know that information can be readily available in a few clicks, imagine the powerful combination that critical thinking and social engineering brings. To a certain extent, our police force or national investigation agency can greatly benefit from this.

Good or bad, the idea here is that anyone is capable of doing social engineering; however, not everyone is able to do critical thinking. There are plenty of opportunities for the citizenry to develop critical thinking, given the decline in recent years. In the end, the implication here is that all of us must then be mindful of the information we put online and what steps we are taking to secure it.

Kay Calpo Lugtu is an executive at a multinational business process outsourcing company. She is likewise the deputy director of Global Chamber Manila. Her advocacies include data privacy, financial literacy and nation-building. The author may be reached at or, to the more cautious now, at Opinions expressed here are her own.