What is Social Engineering?


Security is all about understanding who and what to believe. It is essential to recognize when and when not to take someone at their word. It is also about making sure that anyone you are talking with is who they say they are, especially when interacting with someone online or using a website. Think before using any unknown website or sharing your confidential information with anyone.

Ask any security expert, and they will tell you that the weakest link in the security chain is the person who takes a person or situation at face value. It doesn’t matter how many locks and bolts are on your doors, or whether you have guard dogs or security alarms in place. If you believe the person at the entrance who says he is the pizza delivery man and you let him in without checking whether he is genuine, you are exposed to whatever risk he represents.

What Does a Social Engineering Attack Look Like?

Email from a friend

If an attacker somehow hacks or socially engineers someone’s email password, they have control over that person’s contact list, and since most people use one password everywhere, they probably have control over that person’s social networking contacts too.

Once the criminal controls that email account, they send emails to all the contacts or leave messages on every friend’s social pages, and maybe on the pages of the person’s friends’ friends as well, asking for urgent help such as transferring a small amount of money for an emergency.

Taking advantage of your trust and curiosity, these messages will:

  • Have a malicious link: Since it comes from a trusted friend, you believe the link, click it and get infected with malware. The attacker can then take over your machine, gather your contacts and in turn mislead them immediately.
  • Contain an enticing message to download an image, picture or file: If you download it, which you would probably do since you believe it is from your friend, you become infected. The criminal now has control over your device, email account, social network accounts and contacts, all of which he can misuse.

Phishing

Phishing is the most familiar and most widely successful type of social engineering attack. The impostor uses email, chat, a web ad or a website as a lure to convince a person or organization to part with confidential information.

For example, the fraudster may pose as a government officer, a bank employee or a representative of a trusted brand, and target customers who easily trust them and part with confidential information. They can also fake emails or calls and then easily access the victims’ private documents.

Spear Phishing

Spear phishing is a specialized form of social engineering. The impostor does background research on the target’s personal and professional life to set up the right trap.

For example, a genuine-looking email from the CEO to a person in accounts, asking him to transfer money to a particular bank account urgently.

Baiting

Baiting involves setting a trap, such as a USB stick that appears to hold some attractive information but is also loaded with malware. Somebody curious to check what is on it plugs it into their computer’s USB port, and their system gets compromised.

Nigerian lottery emails informing you that “you have won million dollars” are another example of baiting.

Tailgating

Tailgating occurs when somebody without proper authentication enters a controlled area by getting around the security checks in place. For example, the attacker can strike up a conversation with an employee in the reception area or the parking lot, use what they learn to get into the office building, and read the history in the visitor book kept at the front desk.

Scareware

Scareware is a malware method in which the fraudster instils fear to mislead users into visiting malware-infected sites and downloading malicious software.

For example, a pop-up message is forced onto the user’s screen saying that the system is infected and files may get encrypted, with a link to a dubious site that offers to scan the computer and fix it.

What are the Warning Signs of Social Engineering Attacks?

One of the best ways to guard against social engineering is to know some of the warning signs, such as:

  • Asking for immediate support.
  • Requesting that you confirm your confidential information.
  • Acting excessively friendly or too keen to help.
  • Acting anxious when questioned.
  • Overemphasized details.
  • Enticing you with too-good-to-be-true offers.
  • Unexpected calls claiming to be from a bank or government agency, asking you to share confidential details.
  • Threatening warnings if their requests are not attended to.

How to be Protected from Social Engineering?

  • Slow down.
Attackers want you to act first and think later. If the message expresses too much urgency or employs high-pressure sales tactics, be skeptical; do not let their pressure override your careful review.

  • Research the facts.
Be doubtful of any unsolicited messages. If the email seems to be from a business you use, do your own investigation. Use a search engine to go to the genuine company’s site, or a phone directory to find their phone number. If it is from a known person and looks suspicious, try to verify it by calling or by sending a separate email.

  • Don’t let a link be in control of where you land.
Stay in control by finding the website yourself with a search engine, so that you are sure you land where you want to be. Right-click on the link to see the actual URL at the bottom before clicking, and if it shows an unwanted site, don’t click; delete the mail.

  • Email hijacking is rampant.
Hackers, spammers and social engineers taking over people’s email accounts has grown out of control. Once they have control over an email account, the victim’s contacts are fully at risk. Even if the sender appears to be somebody you know, if you aren’t expecting an email with a link or attachment, make sure to verify by phone or a separate email before opening the links or downloading.

  • Foreign offers are fake.
If you get an email claiming to be from a foreign lottery provider informing you that you have won a huge sum, an offer to transfer money from an unidentified relative, or a request to transmit funds from a foreign country for business investment, just delete it. These are known cons!

  • Secure your computing devices.
Install the latest endpoint protection software, firewalls and email filters, and keep these updated. Keep the operating systems of your laptops and mobiles updated with the latest patches. You can also use the anti-phishing protection offered by your web browser or a third party to alert you to possible risks. Don’t click on too-good-to-be-true offers or unknown links. Only visit trusted sites and always apply your common sense!

About SNS

Secure Network Solutions (SNS) is a Cyber Security-focused company, and it has been helping businesses use the internet safely for the last 21 years. For any cyber security concerns and to protect your business against cyber-attacks, write to us at [email protected]
