Protecting Yourself from Social Engineering Attacks

When many of us think of hackers, we think of a person sitting alone in a dark room attempting to “break in” to a computer system using their technological know-how. In reality, most hackers, especially the successful ones, don’t work like that. Rather than forcing their way in, they knock on the door and ask if you’ll let them into your computer and eventually your life.

Statistics suggest that 98% of all cyberattacks rely on or have a foundation in what is called “social engineering”. These attacks target everyone from young kids using their parents’ phones to C-suite level executives and even IT professionals themselves. Social engineering attacks work particularly well on people who don’t know how to spot the tell-tale signs of manipulation.

That’s why everyone needs to know what these attacks are and how to prevent them. Thankfully, spotting them and protecting your family is relatively easy if you know the signs.

A Short Intro into Social Engineering

Social engineering attacks are those that rely on manipulation of the target (i.e., you) to let the attacker past your cybersecurity defenses and into your computer. They exploit human psychology because it’s easier to target individual people than it is to find an unpatched vulnerability in code. Simply put, people are more predictable.

These attacks aren’t popular just because they’re less labor-intensive. Hackers also prefer them because when they’re successful, they open up more of the target system to the attacker. What’s more, it can be difficult to spot an intrusion created by social engineering until days, weeks, or months after the breach. In other words, successful social engineering attacks are a win-win for hackers: they’re less laborious and more valuable.

It’s important to understand that social engineering can take place online, on the phone, or even in person. An in-person attack sounds like a scene from a James Bond movie, but it can happen to anyone with access to valuable data. Some thought the big Sony hack in 2014 was initiated by a person who walked into Sony and launched the theft of data from inside the building. (A North Korean programmer was charged in 2018.)

Why Social Media Plays Such an Important Role in Attacks

Social media has made it easier than ever to manufacture a relationship and steal information. While social media is supposed to be a place to share your views, meet new people, and maybe even learn something new, it’s often misused in ways that we don’t realize. We often forget that social media is public, which can get us in trouble, particularly if we have high-profile or public-facing jobs.

Our use of social media is also important because many people don’t realize the lows hackers will stoop to in order to gain access to information. These attacks aren’t just your typical “Nigerian prince” spam emails, though that’s social engineering, too. Criminals will also take advantage of news, holidays, and pop culture to misrepresent themselves to otherwise savvy victims. There are even criminals trying to use the COVID-19 outbreak as an opportunity to step up their phishing game by setting up phony websites, impersonating the World Health Organization (WHO), and even offering people money by pretending to be the government.

As a result, it’s important to remember that social engineering can happen on any device. Here’s a list of the most common social engineering attacks:

  • Phishing
  • Vishing (phishing over the phone)
  • Smishing (phishing over SMS texts)
  • Spear phishing (targeting specific individuals)
  • Tailgating (stealing a person’s credentials)
  • Water holing (reviewing a target’s web history and using viruses)
  • Baiting (usually software updates)
  • Quid pro quo (offer to reciprocate favors)
  • Impersonation (pretends to know the victim to start phishing)

You need to be prepared for any of these instances to stay safe.

How to Prevent Social Engineering Attacks

Unfortunately, all the anti-virus and anti-malware in the world won’t prevent every kind of phishing attack. It’s up to individuals and communities to stay vigilant and know the signs.

Perhaps the best advice available is to think before you click. In other words, if you see a strange email, text, or message, don’t open it, and definitely avoid clicking any links within the body. It’s important to be careful because some attacks are sophisticated. For example, spoofers can make it look like they’re texting or calling from your bank’s phone number by using a caller ID trick even when they’re absolutely not calling from your bank.

When the message looks legit but you’re not sure, get in touch with the alleged sender using a different form of communication. For example, if you get a text from your bank asking for new details or offering you a link, call your bank’s customer service line. They can tell you whether that text is legitimate. If it isn’t, they’ll then have a record of it, which means they can start to identify patterns and warn other customers.

It’s also a good idea to update your privacy settings on all your apps, browsers, and regularly used sites. For example, Google Maps uses a huge amount of data to do helpful things like predict travel time. However, the same data can also get you in trouble, so you need to take extra steps to prevent Google Maps from tracking your location data, even if you think the settings are off.

Tech does us so much good. It allows us to organize, meet, and keep up with each other from any distance. But it’s important that we all use it wisely. Everyone needs to watch what they post, check their settings, and know the signs of a phishing attack. It’s the best way to keep you and your family safe from social engineering attacks.