It wouldn’t be fair in any way to connect social engineering attacks with the Internet. The Internet has many advantages and disadvantages, but the fact remains that we’re humans. We are the vector point from where all the good and bad originate.
Yes, we all have a conscience, but there are some among us that either ignore it or are not affected by it. Therefore, it is not fair to blame technology for the wicked acts of the few corrupt individuals who indulge in illicit activities.
To prove the point, a study by Vormetric reports that human error is the cause of cyber breaches 90% of the time.
What is Social Engineering?
Social engineering is a set of techniques that people have used since long before the birth of the Internet. With these techniques, the evildoers among us win our trust, or rather fool us into sharing things that we shouldn’t.
For instance, a social engineer may fool you into revealing your password, social security number, financial details or other sensitive information.
Since we are not “rational beings” (as proved by two psychologists in 1970), we are easily swayed by our emotions. We tend to ignore logic and facts when we make emotional decisions. Social engineers have developed the ability to tap into those emotions and exploit them to make us shell out our money or expose confidential information.
It wouldn’t be unfair to call this technique, “social engineering hacking.” Why? It is because cybercriminals hack the human mind before cracking the system or device itself.
How Hackers Carry out Social Engineering Attacks
In the cyber-age, criminals have come up with a range of social engineering techniques. Let’s take a look at some of the most commonly carried out attacks.
Phishing is one of the most widely used social engineering tactics on the Internet and also the most successful one. In phishing attacks, the attacker impersonates a brand (bank, corporation, retail store, etc.) and tricks the user into sharing confidential details such as a credit card number. The attack is usually made through emails or text messages. Most of the time, the email or message contains malicious links that carry malware to infect the recipient’s system. Here are some real-life examples of people who received phishing emails.
Hi, we advise not to reply or click links in suspicious emails, you can find more info here: https://t.co/J2aSIeADXw. ^JJ
— Amazon Help (@AmazonHelp) October 4, 2017
Spear indicates targeting. Spear phishing is slightly different from the traditional phishing attack since it targets specific individuals or companies. The reasons for picking a specific target can include ill feeling towards the recipient or a wish to damage the brand in the market, to name a few.
Vishing is when a phishing attack is made through phone calls. Here, the criminals call you pretending to be a bank employee or a call center agent and try to trick you into revealing details such as your social security number. In August 2017, a great number of businesses in the Highlands (Scotland) fell victim to a vishing attack that resulted in a £2.5 million loss.
Humans lie, and that’s a universal fact. However, there are some who make up a series of lies to achieve their objectives. The attacker makes up some kind of pretext to earn the trust of the target and steal information or money. Some attackers even boldly ask the victim to pay the money, and the fake reason could be to help an ailing mother or pay the money to a loan shark.
QUID PRO QUO
It is one of those attacks that most people are quite familiar with. In such attacks, the attacker compels the victim to share confidential details in exchange for a seemingly fair trade. For instance, the victim gets a pop-up notification that he has won an iPad or a car, but to collect the reward, the victim is required to reveal personal details such as social security number, social credentials, etc.
As the name of this social engineering technique, baiting, suggests, the attack baits the victims by offering them something that they need. Internet users usually come across such attacks when searching for free software, movies or games on peer-to-peer file-sharing services. The attackers upload malware instead of a movie or software and change the file name, so when a user downloads the malicious file, the malware is installed on the victim’s system.
So, Are There Any Social Engineering Prevention Tips?
Of course, there are some ways you can protect yourself and your family from social engineering attacks.
- The first and most important advice you will hear from anyone about social engineering or phishing attacks is to always be on the lookout when you are online. Never open an email or link right away without first considering that it might be dangerous. Never open emails sent from strangers. Even if an email comes from someone you know, read the subject line or the content and judge whether that person would really ask you for whatever the message requests.
- Even if you open an email from a stranger, or from any known brand for that matter, don’t share your personal details. Keep in mind that no company, friend or family member would ask you to share your password.
- Apart from emails, don’t share any sort of confidential information on any website, regardless of how attractive the message or offer seems.
- Hackers are smart. They can send you a link that appears to come from a known website. However, there is always something different about such URLs, for instance the spelling of the domain name or a change in the ending, such as .com or .org.
- Always use cybersecurity suites such as antimalware, IDS/IPS and encryption tools to protect your system against phishing attacks, identity theft, etc.
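The tip about links that only look like a known website can be turned into a simple check. The following Python sketch is an added example, not part of the original article: it compares a link's domain with a list of sites you trust and flags misspellings, changed endings, and trusted names buried inside a longer host. The `TRUSTED` list and the function names are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; replace with the sites you really use.
TRUSTED = ("amazon.com", "paypal.com", "irs.gov")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Last two labels of the host (simplification: ignores suffixes like .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(url: str) -> str:
    """Classify a full URL (scheme included) against the TRUSTED list."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in TRUSTED:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return f"suspicious: {good} with a different ending"
        if tld == good_tld and 0 < edit_distance(name, good_name) <= 2:
            return f"suspicious: misspelling of {good}"
        if good in host:  # trusted name used as a subdomain of another site
            return f"suspicious: {good} embedded in {domain}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, not taken from real messages.
    for link in ("https://www.amazon.com/gp/help",
                 "https://www.amaz0n.com/login",
                 "https://paypal.org/",
                 "https://paypal.com.account-verify.example/"):
        print(link, "->", check_link(link))
```

A result of "unknown" only means the domain is not on your list; it says nothing about whether the site is safe.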
Common Social Engineering Examples
You can find many social engineering incidents reported on the Internet. After all, it is easier to fool someone into giving out their information than to hack protected devices.
For instance, the IRS scam is one of the most famous social engineering attack examples on the Internet. The hackers called the targets (victims) while impersonating employees of the Internal Revenue Service. The hacker then tricked the victim into paying money through payment services that are non-traceable.
The IRS scam is one of the many attacks happening around the globe. Some are conducted on a large scale, others on a small scale.
Security tools aren’t enough to protect you against online threats like social engineering attacks. The first and foremost protection is to minimize human error.