Social engineering is the art of
tricking the users into security mistakes so they give away the confidential
information. The type of information that hackers are looking for can be
different, but when individuals are under attack, the hackers are usual want to
trick them to get their passwords, bank information or installing malicious
software into their computers.
If you ask any Security
Professional about who can be a good target for hacking, you get the answer
HUMANS, because humans are considered to be the weakest link and they can
always be manipulate into doing some staff to open the gate for the hackers.
For Example if you put locks and deadbolt on your door and windows or
if you have guards, alarm system and security cameras; if you trust the person
at the gate who is claiming that he is the pizza delivery guy and you let him
enter your home without proper check this is where you completed exposed to
whatever risk he represents.
social engineering attacks?
Phishing Attempts: The most common social engineering attacks come
from phishing. In this type of
attack, hackers will try to send messages via email, Instant message, comments
in your social network post or even send you SMS claiming that this is from a
famous business, bank, school, university in order to get your user and
password or bank information.
The message can have these stories:
The message may contain
there is a problem with your bank account
click the link to solve the problem and then they will ask your account
The messages may also
contain that you won a lottery.
The message can also ask
for help or charity.
You will receive a phone
call that you won 1 million Afs and asked you to send a top-up of 500-1000 afs
in order to transfer that amount.
Phishing: In the recent years, we have witnessed a rapid usage of
ransomware along with phishing email. They send you an attachment such as
URGENT ACCOUNT INFO with the file extension of .pdf.zip or pdf.rar, when you
open the file then the attacker will encrypts your entire hard disk or specific
folder and then ask you a bitcoin payment in order to unlock, after receiving
the payment, they will decrypt your hard drive or folder.
attacks involve offering victims something they like want. These type of
attacks often appears in peer-to-peer sharing sites where you can download (Hot
movies, celebrities’ pictures or pirate Hollywood or Bollywood movies etc.).
When you click on the download button you may be downloading malware instead
of, or in addition to, the files you actually want.
Quid Pro Quo: Similar to baiting,
quid pro quo involves a hacker requesting the exchange of critical data or
login credentials in exchange for a service. For example a hacker will call you
and give you a free IT assistance or in exchange of login credentials.
How to Prevent Social
Do not open emails and attachments from
suspicious sources – if you do not know the email sender or even if you know
the sender and their emails looks suspicious never open email or attachment.
Always update your
anti-virus/antimalware software – Turn your anti-virus/antimalware automatic
Set your spam filters to high – Every
email software has spam filter option always make a habit of setting the spam
filter to high.
Perform a regular
backup to an external medium (external hard drive or the cloud). After backing
up, disconnect your drive. Current ransomware is known to encrypt your backup
drive as well.
Phishing and baiting – these schemes
mostly used in employment frauds targeting recent college graduates.
Whether you are on social media, applying for jobs, always before you click, do
your research, and visit HTTPS sites through a secure search engine, not via
email or social media links.
Reject requests for help or offers of
help – Legitimate companies and organizations do not contact you to provide
Delete any email, which asks for
financial information or passwords – If you are asked to reply to a message
with personal information, it is a fraud.
Beware of downloading files – If you
receive an email and do not know the sender personally or you know the sender
and your suspicious never make the mistake.
Humans need to be
trained – Humans are the weakest link and Security Awareness Training programs
are helpful to reduce the risk of being compromised and increase the level of
awareness in the organization.