Examples of social engineering and tips on how to prevent this type of attack happening to you.
Social engineering is the art of manipulating people so they give up confidential information.
The types of information these criminals are seeking can vary, but when individuals are targeted the cyber-criminals are usually trying to trick you into giving them your passwords or bank information, or to access your computer and secretly install malicious software that will give them access to your passwords and bank information as well as control over your computer.
Criminals use social engineering because it is usually easier to exploit your natural instinct to trust. For example, it is much easier to fool someone into giving you their password than it is to brute-force that password (unless the password is really weak and obvious).
Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks are on your doors and windows, or if you have guard dogs with rabies, alarm systems, floodlights, fences with barbed wire, miniguns, and armed security personnel; if you trust the person at the gate who says he is the pizza delivery guy and you let him in without first checking to see if he is legitimate, you are completely exposed to whatever risk he represents. He has bypassed your whole security protocol and has gained access to exactly what you are trying to protect.
What Does a Social Engineering Attack Look Like?
Email from a friend
If a criminal manages to hack or socially engineer a friend’s email and password, they have access to that person’s contact list, and because most people use one password everywhere, they probably have access to that person’s social networking contacts as well. A hacker having control of your email is fatal because they can access every account you own simply by using ‘Forgotten my password’.
Once the criminal has that email account under their control, they send emails to all the person’s contacts or leave messages on all their friends’ social network pages.
Taking advantage of your trust, these messages will:
- Contain a link that you just have to check out. Because the link comes from a friend and you’re curious, you’ll trust the link and click, and be infected with malware so the criminal can take over your computer system, collect your contacts’ information and deceive them just like you were deceived.
- Contain a download of pictures, music, movies, or documents that has malicious software embedded inside it. If you download it, which you are likely to do since you think it is from your friend, you become infected. Now the criminal has access to your system, email account, social network accounts and contacts, and the attack spreads to everyone you know. This will then repeat until the attacker has completed what he wanted to do, or until someone realises what is going on.
Don’t become a victim!
Tips to Remember:
Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency or uses high-pressure sales tactics, be skeptical; never let their urgency influence your careful review.
Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their phone number.
Email hijacking. Hackers, spammers, and social engineers taking control of people’s email accounts (and other communication accounts) has become rampant. Once they control an email account, they prey on the trust of the person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment, check with your friend before opening links or downloading.
Beware of any download. Unless you know the sender personally AND are expecting a file from them, downloading anything is a mistake. You can always check whether a download contains viruses by using VirusTotal.
Foreign offers are fake. If you receive an email from a foreign lottery or sweepstakes, an offer of money from an unknown relative, or a request to transfer funds from a foreign country for a share of the money, it is guaranteed to be a scam.