What is Social Engineering?

Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. Social engineering is especially dangerous because it relies on human error rather than vulnerabilities in software and operating systems.

5 Main Forms of Attacks

Social engineering attacks come in many different forms and can be performed anywhere where human interaction is involved. The following are the five most common forms of digital social engineering assaults.

1. Baiting: These attacks lure users into a trap that steals their personal information or inflicts their systems with malware. Online forms of baiting consist of enticing ads that lead to malicious sites or encourage users to download a malware-infected application.
2. Scareware: Similarly, scareware involves using malware, deception software, and rogue scanner software via emailing and legitimate-looking prompts to deceive users into clicking or installing.
3. Pretexting: This attack is typically initiated by a perpetrator impersonating co-workers, police, bank, or tax officials pretending to need sensitive information from a victim to perform a critical task. Information gathered using this scam includes social security numbers, personal addresses, phone numbers, phone records, staff vacation dates, bank records, and even security information related to a physical location.
4. Phishing: These scams are email, and text message campaigns aimed at creating a sense of urgency, curiosity, or fear in victims which look legitimate enough to prompts them into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
5. Spear phishing: This is a more targeted version of the phishing scam. An attacker chooses specific individuals or enterprises then tailors the messages based on characteristics, job positions, and contacts to make their attack less conspicuous. They’re much harder to detect and have better success rates if done skillfully.

Prevention

Social engineers manipulate human feelings, such as curiosity or fear, to carry out schemes and draw victims into their traps. Therefore, be wary whenever you feel alarmed by an email, attracted to an offer displayed on a website. The following tips can help improve your vigilance in relation to social engineering hacks.

• Don’t open emails and attachments from suspicious sources – Avoid interacting with email when you don’t know the sender in question. Even if you know them and find the message suspicious, cross-check and confirm via telephone, for example.
• Use multifactor authentication – This helps ensure your account’s protection in the event of system compromise.
• Be wary of tempting offers – If an offer sounds too enticing, think twice before accepting it as fact. A quick Google search can help you determine whether you’re dealing with a legitimate request or a trap.
• Keep your antivirus/antimalware software updated – Enable automatic updates or make it a habit to download updates frequently while also having your system scanned for possible threats.

If you have fallen victim to such attacks or want to educate your employees of such attacks, feel free to reach our IT security team on 416-214-6363 or email itsecurity@pathcom.com.