Social engineering attacks typically involve tricking users into giving out sensitive or confidential information. They usually use email or social media as the medium of communication, and the message invokes urgency, fear, or trust to push the user to click a malicious link or hand over sensitive information and thus become the victim. Social engineering relies on the human, which is the weakest link of information security. Protection from these attacks is needed not only for personal security but also, very much, for enterprises.
Social engineering attacks focus on people's emotions and take advantage of them by tricking people into opening malicious links or files, or by asking them to provide confidential information. For attackers, it is easier to play with human psychology than to find a system vulnerability and exploit it. The following are the emotions commonly used in social engineering attacks:
You receive a phone call from Microsoft. They have found suspicious activity on your laptop, and in order to secure the account, you should provide them with the information they need.
You receive an email stating that you have won the lottery or inherited property. In order to get your money, you have to provide certain sensitive information, click URL links, or send some money to the criminal to receive the prize.
You receive an email from a trustworthy organization (Amazon, eBay, or PayPal) stating that suspicious activity has been seen on your account, and that to protect your credit card you need to log in to your account using the link.
Frank Abagnale, a Security Consultant, former Criminal
Use Strong Passwords: A strong password uses a combination of numbers, letters, and symbols and is at least 8 characters long. It can make brute-force attacks or guessing the password difficult for the attacker. People commonly write down their complex passwords because they are hard to remember, and this is also a security risk. Also, remember to use different passwords for different accounts.
Enable Multi-Factor Authentication (MFA): Multi-Factor Authentication plays an important role in the security of social media accounts. It uses more than one form of authentication, such as a physical hardware key, a fingerprint scanner, or a code generated on your mobile phone. Even if one of the authentication measures has been compromised, the second authentication measure will help to keep the attack from being successful.
Enable Privacy Settings: Familiarize yourself with the privacy settings of the social media channels you use and customize them to control who sees the information and photos you share.
Think Before You Share: On social media, avoid sharing personal and sensitive information such as your home address, date of birth (including year), phone number, and social security number. The more information you share, the easier it is to become a victim of identity theft.
You have to think critically about your social media safety. The scenario below is a realistic situation that illustrates the consequences of your choices.
In this social media scenario, you will be presented with a series of challenges. Each challenge is based on your previous choices, and they continue until you complete all the challenges and reach the end of the scenario. Feedback is provided at the end of the scenario.
Q: You have received a message from a friend on Facebook Messenger asking for urgent help. They need you to transfer 200$.
1.1 I will call them on the phone to confirm whether they have requested the amount.
2.1 I will transfer the money as they are in need.
1.2A: If the message invokes urgency, fear, or trust, you should always ask the friend through a different communication channel to confirm if the request is genuine.
1.2Q: You have made a good choice; it is always good to confirm if the request is genuine. What will you do if contact with your friend is not possible at the time?
1.3: I will cross-verify whether the account given in the message is the same as their usual account. If it is the same, then I will transfer.
1.4: I will wait until I can contact the friend using another communication channel to verify their identity. I will also verify the account number.
1.3A: If you already know the bank account number of the friend, then the risk is minimal. It is less probable that someone else has access to their social media account and also to their bank account.
1.4A: It is always better to be safe than sorry. Until and unless you verify that it is a genuine person who is making the request, do not make any kind of transaction.
2.2A: Urgency plays an important role in social engineering attacks.
2.2Q: You chose to send the amount to your friend. But there is a possibility that someone else has access to their account. Will you do something before transferring the money?
2.3: I will transfer the amount to their bank account, which is already known to me, as I have already sent them money before.
2.4: I will transfer the amount to the account mentioned in the message. My friend needs urgent help and I do not care about the account number.
2.3A: If you already know the bank account number of the friend, then the risk is minimal. It is less probable that someone else has access to their social media account and also to their bank account.
2.4A: You could be a victim of a social engineering attack very easily. Urgency and trust are two important tools that are used by hackers to manipulate human psychology. (looking disappointed)
Result 1.3, 2.3: You Did Okay. You have done a good job, but be on the safe side. It is essential to verify the person in case of unusual requests.
Result 1.4: You Did Great. You did great, now you can deal with social engineering attacks.
Result 2.4: Remediation Needed. You could have done a bit better, as it might be likely that someone hacked into your friend's account. Go through the lesson once more to fully grasp how social engineering is used against you.
The best approach is to be on the lookout for suspicious behavior and restrict what you share online.