5 Things You Should Know about Social Engineering
1. It uses human psychology instead of network hacking.
Social engineering is an exploit in which criminals use social skills to trick people into revealing confidential information. In order to access network data, social engineering leverages user psychology rather than hacking techniques. During social engineering attacks, users can be deceived or manipulated into performing certain actions or disclosing personal information such as access credentials.
2. Social engineering comes in many forms.
There are many different ways in which cybercriminals can trick users via social engineering. Given the impact of these exploits, understanding the various types of social engineering is a crucial step in avoiding falling victim.
3. Anybody can become a victim, even the largest companies in the world.
In April 2021, a cyber gang compromised the email account of the director of the UK rail operator Merseyrail. As a result, several Merseyrail employees received a strange email from the director’s email address with the subject line “Lockbit Ransomware Attack and Data Theft.” Some journalists also received the same email. The content of the email contained claims that Merseyrail had been hacked and the company had attempted to construe the attack as a harmless network outage. The fraudsters also included a picture of employees’ personal data and demanded a ransom to release the information back to Merseyrail.
The largest social engineering attack to date targeted Google and Meta (then operating as Facebook) between 2013 and 2015. Specifically, a cyber gang led by Evaldas Rimasauskas established a fake company that claimed to have manufactured computer parts for Google and Facebook. Then, the attackers sent phishing emails to employees of the tech giants, requesting that they pay invoices for supposed services rendered. Over the course of 2 years, Rimasauskas and his team extracted more than $100 million from Google and Facebook.
4. How to know if you have been targeted.
Social engineering attacks are increasing in sophistication and believability. Below are some common manifestations of attempted social engineering:
Appearance of emails or text messages from unknown senders that encourage users to click on links or download an attachment.
Appearance of emails or text messages from known senders that contain alarmist or suspicious language.
Receipt of emails, text messages or phone calls from unknown individuals claiming urgent situations, such as offering a limited time free service or informing users they have been the victims of a crime.
Increase in the physical presence of an unknown individual claiming to need access into an office building or other sensitive area.
5. You can protect yourself from social engineering with some simple practices.
Here are some best practices to help users avoid falling victim to social engineering:
Be mindful of sharing private or sensitive information on social media platforms.
Avoid clicking on links or downloading attachments sent via email or text message. Instead, scan the URL first by copying/pasting it into a trusted URL scanner, such as VirusTotal or URL Void.
Avoid installing new software from untrustworthy sources and decline the installation of bundled software.
Double check the names of senders and websites for spelling errors and typos, as these could indicate attempts to trick users.
Practice caution if approached by an unknown individual attempting to strike up an animated conversation or claiming to need access into a building or network.
Want to learn more about a specific aspect of cybersecurity? Leave a comment down below to recommend future content on Phishing for Answers!