Here we are, living in a virtual balloon created by an influx of computing devices and facilitated by the groundbreaking innovations of the modern age. However, none of our devices is perfect, and they can easily be used against our wishes to cause problems. To put it another way, the virtual balloon is susceptible to a sudden burst, especially if we are not careful.
Just like any other innovation, computing has brought its fair share of opportunities and risks. It has not only inspired people with good intentions, but also encouraged a huge group of people with bad intentions to exploit the loopholes. This group is known as black-hat hackers, who use a variety of psychological and technical tricks to exploit the security loopholes in our systems and cause massive damage for their own advantage.
Luckily, these cyberattacks can be prevented, or at least minimized, with a combination of knowledge sharing, vigilance, and technical precautions. It all begins with learning about the major computer vulnerabilities.

Definition of Computer Vulnerability

In cybersecurity terms, a computer vulnerability is defined as a defect or weakness in the computer itself, in the network it is connected to, or in anything else that leaves the system open to cyberattacks. It can be as small as a weak password or an insecure login.
These vulnerabilities exist because it is not always possible for programmers and developers to comprehensively consider every aspect of a computer system. The result is an amalgamation of unsafe or incorrect coding techniques that leaves security loopholes open to anyone who intends to exploit them. With the continuous improvement of programming techniques over time, old software has also become more vulnerable. Some of the most common examples of computer vulnerabilities are:

Security bugs and coding errors
Virus-infected software, malicious web links
Virus-infected USB drives and other portable drives
SQL injections, OS command injections
Cross-site scripting and cross-site request forgery
Broken algorithms, redirected URLs
Unrestricted uploads and downloads
Unrestricted connectivity
Weak and easily guessable passwords
Missing data encryption
Missing authentication and authorization
Buffer overflow, path traversal
Downloads of code without appropriate checks
Unknown insiders with unrestricted access and questionable behavior

Programmers and IT professionals try to address these issues by developing patches and security updates. However, to tackle these vulnerabilities, they also need the help of end users. Both network professionals and users need to remain vigilant, update their software and systems regularly, and keep themselves aware of the latest vulnerabilities.

Definition of Social Hacking
In general, social hacking refers to the attempted manipulation of social behaviors with the intention of controlling the outcomes. In technological terms, it is part of a broader concept called social engineering, which is the art of psychological manipulation to dupe users into giving away sensitive information such as passwords, or to trick them, by using technology, into making security mistakes. In contrast to other hacking techniques, where the hackers look for and exploit software or system vulnerabilities, social hackers take advantage of common social practices to obtain login credentials.
Social hackers usually perform their attacks in multiple steps. At first, they investigate the intended target to find out potential weaknesses and points of entry. Then, they use social techniques to gain the trust of the victim. Once that trust is gained, they move on to manipulating the victim into performing a malicious task, such as sharing a password, providing access to critical assets, etc.


Common Techniques of Social Hacking
As a psychological manipulation technique that exploits the weaknesses of human behavior, social hacking can be performed anywhere human interaction takes place. The most common techniques used for social hacking are:
Baiting: Similar to the fishing technique, the hacker preys upon the greed or curiosity of a user, and uses these natural instincts as bait to lure them into a trap where they unintentionally expose their personal information or infect their system with malware. This technique usually involves the use of physical, portable media such as a USB drive.
Phishing: It is a well-known social engineering technique that still works, despite huge awareness. The technique usually involves sending out emails and text messages containing links and information designed to create a sense of urgency, or to ignite curiosity and fear. The links usually redirect to a fake or malicious site, which is used to collect sensitive information.
Spear Phishing: This is a more advanced version of phishing, where the criminals target a specific person or company and create personalized messages to entice their intended target without raising any suspicion. This method requires a lot of time and effort, but has a greater success rate.
Pretexting: Inspired by a writing technique used to attract the reader’s attention, the hackers use a compelling story to hook the users. Then, they use some more cleverly crafted lies to talk them into performing an unsafe task.
Scareware: Ever come across a website giving you a false warning that your system is going to crash soon if you do not install a particular piece of software? This is an example of scareware, where the hackers use false alarms to create fear and dupe users into installing malicious software. Once it is installed, the system gets infected and becomes a hacking wonderland.

To summarize, computer vulnerabilities expose systems and networks to cyberattacks, including the less technical, yet more severe, social hacking. Both of these issues can be resolved partially with technical measures such as the use of multifactor authentication, as well as installing the latest anti-virus and anti-malware software. Due to its nature, social hacking cannot be prevented by technical measures alone. It also relies on people’s awareness and their ability to ignore suspicious emails, attachments, etc. It also helps to remember that if an offer looks too good, it may well be untrue.