Social Engineering plays an important role in a notable number of cyberattacks.
It has been a constant throughout the history of internet security.
But what is it exactly? In its broadest sense, social engineering is psychological manipulation: getting people to do what you want them to do.
In the context of cybercrime, social engineering is broadly defined as a non-technical tactic used by attackers to acquire information, run hoaxes or gain illicit access to victim machines. Social engineering relies on human interaction and involves fooling people into breaking the security procedures they would normally follow.
Types of social engineering attacks
- Baiting is when an attacker leaves a malware-infected physical device in a place where it is sure to be found. The finder picks up the device and connects it to his or her computer, unintentionally installing the malware.
- Phishing is when a malicious party sends a fraudulent email disguised as a genuine one, often claiming to come from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking a link that installs malware.
- Spear phishing is like phishing but tailored for a specific individual or organization.
- Vishing, also known as voice phishing, is the application of social engineering over the phone to collect personal and financial information.
- Pretexting is when one party lies to another to gain access to privileged data.
- Scareware involves deceiving victims into thinking their computer is infected with malware or has accidentally downloaded illegal content. The attacker then offers a resolution that will fix the non-existent problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware.
- Diversion theft: The social engineers fool a delivery or courier company into going to the wrong pickup or drop-off location, thereby intercepting the shipment.
- Honey trap: An attack in which the social engineer poses as an attractive person in order to interact with a target online, fakes an online relationship and gathers sensitive information through that relationship.
- Tailgating, sometimes called piggybacking, is when an attacker walks into a secured building by following someone who holds an authorized access card. This attack relies on the person with legitimate access being courteous enough to hold the door open for the person behind them, assuming they are allowed to be there.
Tips to Remember:
- Slow down. Spammers want you to act first and think later. If the message conveys a sense of importance or urgency, never let that urgency override your careful analysis.
- Research the facts. Be suspicious of any unsolicited message. If the email looks like it comes from a company you use, do your own research before acting on it.
- Don't let a link decide where you land. Stay in control by finding the website yourself with a search engine, so you can be sure you land where you intend. Hovering over a link in the email shows the actual URL at the bottom of the window, but a well-crafted fake can still steer you wrong.
- Email hijacking is widespread. Hackers, spammers and social engineers who take control of someone's email account prey on the trust of that person's contacts. Even when the sender appears to be someone you know, if you aren't expecting an email with a link or attachment, check with your friend before opening the link or downloading the file.
- Beware of any download. Unless you know the sender personally AND are expecting a file from them, downloading anything is a mistake.
- Foreign offers are fake. If you receive an email from a foreign lottery or sweepstakes asking you to help transfer funds out of a foreign country in return for a share of the money, it is guaranteed to be a scam.
Ways to Protect Yourself:
- Delete any request for financial information or passwords. If you are asked to reply to a message with personal information, it's a scam.
- Set your spam filters to high. Every email program has spam filters. To find yours, look in your settings options and set them to high; just remember to check your spam folder periodically to see whether a legitimate email has been trapped there by mistake.
- Secure your computing devices. Install anti-virus software, firewalls and email filters, and keep them up to date. Set your operating system to update automatically, and if your smartphone doesn't update automatically, update it manually whenever you receive a notice to do so. Use an anti-phishing tool offered by your web browser or a third party to alert you to risks.