
Exploiting human vulnerability


The world population is about 7.7 billion. As of 2017, there were an estimated 3.9 billion Internet users worldwide. That is more than half of the global population, and more than half of those Internet users are unaware of basic information security.

In this article, I will explain how an attacker can easily compromise you online using social engineering.


Social Engineering (SE)

Social engineering is the act of convincing someone to do something (such as granting access) or to give out confidential information. It feeds on human psychological weaknesses.

Rather than breaking into systems or networks, an attacker can often use social engineering techniques to gain access. SE is nontechnical by nature; it relies only on psychological tricks played on people.

Social engineering typically involves a phone call, email or other communication that invokes urgency, fear or similar emotions in the victim, leading them to take prompt action. It could be an email that looks like it is coming from a credible organization, such as your bank or an online service. If you open it and click on the attachment, you could be installing malware, thereby compromising your system.

Because social engineering exploits the human element, preventing these attacks is very hard for businesses. Before you say that you would never fall for such a trick, know that even IT specialists inadvertently share information that could be used to compromise them online.

Most common SE attacks

Phishing:

A phishing email is carefully crafted to look as though it is coming from a trusted source, but attackers are behind the scenes, trying to trick their victims into downloading an attachment, clicking on a malicious link or providing sensitive data.


Spear phishing:

Phishing emails can be sent to an entire organization, whereas spear-phishing emails are crafted specifically for a set of people or a department in an organization that could hold the valuable information the attacker needs.


Vishing (voice phishing):

Vishing is practically the same as phishing, just over the phone. After finding a bit of information about a victim (such as a name or date of birth), an attacker calls the targeted victim, disguised as a tech support or customer care representative, to trick them into giving out more information such as bank details, login credentials, etc.

Baiting:

Baiting attacks involve offering victims something they are interested in, are searching for or want. These attacks often appear on peer-to-peer sharing sites where you can download movies or stream music. You might actually be downloading a virus instead of the files you wanted.


Some recommendations to keep you safe

Social engineering attacks are the most common security challenges that both individuals and companies face in keeping their information secure. However, you can limit the risk of falling into these attackers' traps by doing the following:

  • Educate yourself and your staff about these types of attacks. If you can identify an attack, you won't fall for it.
  • Get good anti-virus software. AV will not protect you against social engineering itself, but it can help protect you from the malware it delivers.
  • Do not open emails from untrusted sources. Contact the sender in person or by phone if you receive a suspicious email message.
  • Do not accept rewarding offers from unknown sources. If an offer appears too good to be true, it probably is.
  • Lock your phone/laptop whenever you are not using it.
  • Do not save your passwords on a system or browser you do not control.
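The phishing section above and the advice to treat suspicious emails with care both come down to the same question: does the message really come from who it claims to? As an added example (not code from the original article), the following Python script applies a few of those checks mechanically to a raw email: whether the display name claims a brand but the sending domain does not match, whether a link's visible text shows one host while its href goes to another (or to a bare IP address), and whether the subject and body use the pressure language described earlier. The sample message, the `KNOWN_BRANDS` mapping and all domains in it are constructed for the demo; a real deployment would load the brand-to-domain table from configuration.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for the demo; every name, address and domain is invented.
SAMPLE_RAW = """From: "First Bank Support" <alerts@firstbank-secure-login.example>
To: victim@example.org
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, unusual activity was detected. Verify immediately or your
account will be suspended.</p>
<a href="http://198.51.100.23/login">https://www.firstbank.example/login</a>
</body></html>
"""

# Hypothetical table: brand names as they appear in display names, mapped to the
# domain that brand really sends from. Loaded from config in a real deployment.
KNOWN_BRANDS = {"first bank": "firstbank.example"}

# Words that create the urgency/fear the article describes.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify", "24 hours")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased hostname of a URL ('' if it cannot be parsed)."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Display name claims a known brand, but the sender domain is not that brand's.
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    for brand, real_domain in KNOWN_BRANDS.items():
        if brand in display_name.lower() and sender_domain != real_domain:
            findings.append(f"display name claims '{brand}' but sender domain is {sender_domain}")

    # 2. Links whose visible text and real destination disagree, or that point at a raw IP.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        href_host = _host(href)
        if _is_ip_literal(href_host):
            findings.append(f"link points at a raw IP address: {href_host}")
        if re.match(r"https?://", text) and _host(text) != href_host:
            findings.append(f"link text shows {_host(text)} but href goes to {href_host}")

    # 3. Pressure language in subject or body (two or more hits to avoid flagging normal mail).
    haystack = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY_WORDS if w in haystack]
    if len(hits) >= 2:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_RAW):
        print("-", finding)
```

Run against the constructed sample it reports four indicators; none of them alone proves the mail is malicious, which is why the article's advice to confirm with the sender out of band (in person or by phone, using a number you already have rather than one in the message) still applies even after the automated checks.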


Check my article on how to prevent these social engineering attacks.

Feel free to share this article with your friends and colleagues.

Thanks for reading. Feedback is always appreciated.

cyberbadger
