Welcome to the world of social engineering, where everything is not as it seems…
Have you ever had a text, call or email that appears to be from someone they’re not? The chances are you have – and you may have been a target of social engineering!
Not all cyber security attacks rely on system weaknesses. Often, cyber criminals use human naivety to trick unsuspecting victims.
Once you know social engineering methods, you will be well equipped to spot and avoid cyber criminals using this devious tactic.
Keep reading our quick guide to learn what social engineering is and how you can spot it when it happens to you!
Once you know social engineering methods, you will be well equipped to spot and avoid cyber criminals using this devious tactic.
What is social engineering?
Social engineering is a way to trick someone into doing something that goes against their best interests.
It has been around before computers even existed, but in the digital world, it is used to gain access to a system or private information. Cyber criminals use the trusting nature of human beings to their advantage and outsmart victims to steal their confidential information.
Examples of social engineering methods include:
Pretexting
- Pretexting is a form of social engineering in which an attacker invents a scenario or situation to mislead victims into giving up their private information.
- Pretexting uses persuasion and deception to manipulate people into giving away sensitive data. There are specific characteristics cyber criminals look for when choosing a target. These include a response to authority and the ability to trust.
- Reverse social engineering is a specific example of pretexting. These attacks trick a victim into contacting an attacker via fake advertisements. Once they have fallen for this advertisement, a wide range of other social engineering techniques can be used to obtain personal information e.g via a phishing email.
Phishing
- Phishing attacks manipulate victims into giving away private information by impersonating a trusted person or company.
- Some phishing tactics include tricking you into clicking a malicious link or opening a malicious attachment.
Who can social engineering target?
Social engineering can target anyone and is a common type of cyber security attack.
Companies are often targeted by social engineering as they may have private information that attackers are hoping to access.
When websites and networks are difficult to access, unsuspecting employees may be easier for cyber criminals to target with social engineering techniques.
We saw this in the 2020 Twitter attack, where cyber criminals orchestrated a series of social engineering attacks against Twitter staff.
Companies are often targeted by social engineering as they may have private information that attackers are hoping to access.
How to spot and stop falling for social engineering techniques?
- If someone is claiming to be a trusted person who asks you to give sensitive information online or over the phone, find the organisation of the person getting in contact. Call them back via their recommended channels and check the request is true before handing over any private information.
- You could receive an email asking you to click on an unknown link or open an unknown attachment. Cyber criminals are trying to assert urgency and make you panic, so take a moment to stop and carefully inspect the email. It probably isn’t so urgent you can’t afford to take 5 minutes and check where it came from!
- An email that claims to be from a company you know - but misspells the company name or official email address is usually a sign of phishing. If you are unsure, validate and check! You wouldn’t hand over your Xbox because someone, who you have never met, turns up to your house and says they are from Microsoft. Take your real-world security skills into the online one.
Will all these tips in mind, you’re now ready to put your knowledge into practice! Have a go at CyberStart which will teach you how to become a whizz at spotting social engineering tricks, among other deceptions.
