Security is all about understanding who and what to believe. It is essential to recognize when, and when not, to take someone at their word. It is also about making sure that anyone you are talking to is who they say they are, especially when interacting with someone online or using a website. Think before using an unknown website or sharing confidential information with anyone. Ask any security expert and they will tell you that the weakest link in the security chain is the person who accepts a person or situation at face value. It does not matter how many locks and bolts are on your doors, or whether you have guard dogs or security alarms in place: if you believe the person at the entrance who says he is the pizza delivery man and let him in without checking that he is genuine, you are fully exposed to whatever risk he represents.

What Does a Social Engineering Attack Look Like?

Email from a friend

If an attacker hacks or socially engineers someone's email password, they gain control over that person's contact list, and since most people reuse one password everywhere, they probably gain control over that person's social networking accounts too. Once the criminal controls that email account, they send emails to all the contacts or leave messages on every friend's social media pages, and perhaps on the pages of the friends' friends as well, asking for urgent help such as transferring a small amount of money for an emergency.
Taking advantage of your trust and curiosity, these messages will:
- Contain a malicious link: since it appears to come from a trusted friend, you trust the link, click it and get infected with malware. The attacker can then take over your machine, harvest your contacts and deceive them in turn.
- Contain an enticing message to download an image, picture or file: if you download it, which you probably will because you believe it comes from your friend, you become infected. The criminal now controls your device, email account, social network accounts and contacts, and can misuse all of them.
Phishing
Phishing is the most familiar and most widely successful type of social engineering attack. The impostor uses email, chat, web ads or websites to convince a person or organisation to part with confidential information. For example, the fraudster may pose as a government officer, a bank employee or a representative of a trusted brand, and target ordinary customers who readily trust them and hand over confidential information. They can also fake emails or calls and then easily access the victim's private documents.

Spear Phishing
Spear phishing is a targeted form of social engineering. The impostor does extensive background research on the target's personal and professional life to set the right trap. For example, a genuine-looking email from the CEO to an accounts clerk asking him to transfer money urgently to a particular bank account.

Baiting
Baiting involves setting a trap, such as a USB stick loaded with attractive-looking content but also with malware. Someone curious to see what is on it plugs it into their computer and their system is compromised. Nigerian lottery mails announcing "you have won a million dollars" are another example of baiting.

Tailgating
Tailgating occurs when somebody without proper authorisation enters a controlled area by getting around the security checks in place. For example, the attacker may strike up a conversation with an employee in the reception area or the car park, use what they learn to get into the office building, and read the visitor book kept at the front desk.

Scareware
Scareware is a malware technique in which the fraudster instils fear to trick users into visiting malware-infected sites and downloading malicious software. For example, a pop-up message on the user's screen claiming that the system is infected and files may be encrypted, with a link to a dubious site to scan the computer and fix it.

What Are the Warning Signs of Social Engineering Attacks?

One of the best ways to guard against social engineering is to know the warning signs, which include:

- Asking for immediate help.
- Requesting to confirm your confidential information.
- Acting excessively friendly or too keen to help.
- Acting nervous when questioned.
- Over-emphasised details.
- Enticing with too good to be true offers.
- Unexpected calls claiming to be from banks or government agencies asking you to share confidential details.
- Threatening consequences if their requests are not met.

- Slow down.
- Research the facts.
- Don't let a link be in control of where you land.
- Email hijacking is rampant.
- Foreign offers are fake.
- Secure your computing devices.
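As an added example, not part of the original article, the Python script below applies some of the warning signs listed above, together with the advice not to let a link decide where you land, to an email body. It flags urgency, requests to confirm confidential information, too-good-to-be-true offers and threats using keyword patterns, and it reports links whose visible text names one domain while the real `href` points to another (the classic phishing trick). The sample message, the keyword lists and the domain names are constructed for this illustration; the registered-domain check is deliberately naive (last two labels) and a production mail filter would use a public suffix list.

```python
"""Screen an email body for social-engineering warning signs (added example, not from the article)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keyword patterns for the warning signs: urgency, requests to confirm confidential
# information, too-good-to-be-true offers and threats. Constructed for this example; tune locally.
WARNING_PATTERNS = {
    "urgency": re.compile(r"\b(urgent|immediately|right away|within \d+ (hours|minutes))\b", re.I),
    "credential_request": re.compile(r"\b(confirm|verify|update)\b.{0,40}\b(password|account|card|pin)\b", re.I),
    "too_good_to_be_true": re.compile(r"\b(won|winner|lottery|prize|million dollars)\b", re.I),
    "threat": re.compile(r"\b(suspended|locked|closed|legal action)\b", re.I),
}

# Visible link text that itself looks like a URL or hostname, e.g. "https://www.mybank.example/secure".
_URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)


class _MailParser(HTMLParser):
    """Collect the visible text of the message and (visible text, href) pairs for every <a>."""

    def __init__(self):
        super().__init__()
        self.text_parts = []
        self.links = []
        self._href = None
        self._link_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._link_text = []

    def handle_data(self, data):
        self.text_parts.append(data)
        if self._href is not None:
            self._link_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._link_text).strip(), self._href))
            self._href = None


def _registered_domain(host):
    """Naive registrable domain: the last two labels. Real filters should use a public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def mismatched_links(links):
    """Return (visible text, href) pairs where the text names one domain but the href goes to another."""
    found = []
    for text, href in links:
        if not _URL_LIKE.match(text):
            continue  # plain words like "Click here" claim no destination, so nothing to compare
        shown = urlparse(text if "://" in text else "http://" + text).hostname
        real = urlparse(href).hostname
        if shown and real and _registered_domain(shown) != _registered_domain(real):
            found.append((text, href))
    return found


def screen_message(html):
    """Return the warning signs found in the message text and any links with a misleading destination."""
    parser = _MailParser()
    parser.feed(html)
    body = " ".join(parser.text_parts)
    return {
        "warning_signs": sorted(name for name, pat in WARNING_PATTERNS.items() if pat.search(body)),
        "mismatched_links": mismatched_links(parser.links),
    }


# Constructed sample message: urgency, a threat, a request to confirm a password, and a link whose
# visible text names the bank while the href leads to a look-alike host on an unrelated domain.
SAMPLE_EMAIL = """
<p>Dear customer,</p>
<p>URGENT: your account will be suspended within 24 hours unless you
confirm your password now.</p>
<p>Sign in at <a href="http://mybank.example.attacker-controlled.test/login">https://www.mybank.example/secure</a>.</p>
<p>Need help? <a href="https://www.mybank.example/help">Click here</a>.</p>
"""

if __name__ == "__main__":
    result = screen_message(SAMPLE_EMAIL)
    print("Warning signs:", ", ".join(result["warning_signs"]) or "none")
    for text, href in result["mismatched_links"]:
        print(f"Link text {text!r} actually points to {href!r}")
```

Run as a script it prints the three warning signs found in the sample and the one misleading link; the "Click here" link is not reported because plain words make no claim about the destination, which is exactly why a reader should hover over such links before trusting them.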