Social Engineering

'Social engineering is a broad term used to describe malicious activities that aim to gain access to systems or data, performed by manipulating human psychology, rather than technical hacking.'

Social engineering attacks typically involve tricking users into giving out sensitive or confidential information. They usually use email or social media as the medium of communication, and the message invokes urgency, fear, or trust to push the user into opening a malicious link or sharing sensitive information, making them the victim.

Social engineering relies on human psychology since people are the weakest links of information security. Protection from these attacks is necessary not only for personal security, but also for companies, governmental bodies, and organizations.

Example of a Social Engineering Attack

Social engineering attacks focus on human emotions and take advantage of them by evoking fear, shame, guilt, or even happiness – anything that makes the victim lower their guard. For attackers, it is easier to target human psychology than to find flaws in technical security measures. Take a look at the following examples of social engineering.

Fear

You receive a phone call from your tech provider. They have found suspicious activity on your laptop and, in order to secure the account, ask you to provide them with the information they need. They may know a lot about you and your devices, which may make it all seem plausible. But don’t get fooled – companies never ask for your personal information by phone, text messages, or email.

Greed

You receive an email stating that you have won the lottery or inherited property. In order to get your money, you have to provide certain sensitive information, open a certain link, or send some money to the criminal to gain access to what is yours. Many people dream of winning the lottery, but you should control your emotions.

Urgency

You receive an email, seemingly from a trustworthy organization, in which you are told about suspicious account activity. To protect your credit card, you need to log in to your account using a special link provided. Don’t be fooled – remember what we’ve learned about links.

Keep in mind that the most advanced social engineering usually combines many different strategies. Instead of a simple message, the malicious actors can use a combination of emails, phone calls, and even traditional mail to lure in their prey.

"There is no technology today that cannot be defeated by social engineering"

- Frank Abagnale, a Security Consultant, former Criminal

Remember Mr. Abagnale’s statement – human psychology is the weakest link in a secure system. Try to control your emotions and always think logically. If something seems too good to be true, it most probably is. Take extra caution when a message invokes fear, panic, or urgency.

Staying Safe on Social Media

Social media is everywhere these days. Many of us use it to stay informed, stay in touch, and stay entertained, and it’s easy to lower our guard when enjoying ourselves. Learn the following tips by heart, and always stay vigilant. You’ve heard many of the tips before, but a review is always worthwhile when talking about cyber security.

Use Strong Passwords

A strong password uses a combination of numbers, letters, and symbols while being at least 10 characters long. This makes brute-force attacks and password guessing difficult for the attacker. Do not write down your passwords and place the notes next to your devices, even if it may seem safe. Also, remember to use different passwords for different accounts.

Enable Multi-Factor Authentication (MFA)

Multi-Factor Authentication plays an important role when it comes to the security of social media accounts. Like 2FA, which we’ve covered before, it uses more than one form of authentication – a password combined with a physical hardware key, a fingerprint scanner, or a code generated on your mobile phone. Even if one of the authentication measures has been compromised, the second one is there to protect the user.

Enable Privacy Settings

Familiarize yourself with the privacy settings of the social media channels you use and customize them to control who sees the information and photos you share. It’s recommended to keep your profile and data private instead of letting everyone see them.

Think Before You Share

On social media, avoid sharing personal and sensitive information such as your home address, date of birth (including year), phone number, and social security number. The more information you share, the easier it is to become a victim of identity theft. Remember – all information can be used by malicious actors pretending to be someone you trust.

Exercise: Scenario

You have to think critically in order to stay safe on social media. The scenario below is a realistic situation that illustrates the consequences of your choices. While the situation may seem simple without emotions involved, it could be a lot more complex when you are feeling fear, panic, or jubilant happiness. Answer the following questions and try to stay safe. Feedback will be provided at the end of the scenario.


'Trust your gut: Do not accept friend requests from strangers or duplicate account requests from friends without verifying that they have actually sent them.'