Social engineering is the art of manipulating people into producing a desired outcome. In cyber security this outcome usually involves extracting sensitive information such as passwords or documents, but it can also mean tricking you into installing something malicious or getting you to pay a false invoice.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.
Social engineering can come in many forms: it could be a text from someone you thought was your friend, a USB stick that you found on the train, or someone claiming to be from a company requesting your details. The list of possible social engineering attacks is endless.
The attacks do have things in common, however: they work hard to take advantage of you by claiming to come from someone you know and trust, and then try to encourage you to give them valuable information, whether by clicking a link, installing a malicious program or over the phone.
A particularly successful form of social engineering is the use of questionnaires on social media websites, where people are relaxed and engaging with their friends. These questionnaires introduce questions about your life and likes in the style of a quiz, or under the guise of sharing fun information with your social group. An example I’ve seen recently is “Tap on your baby’s birth month to find out why you gave them their name”.
Of course, they could be completely genuine. However, notice how closely they align with the security questions (for example, where you grew up, what your first pet was called, your child’s birth month) asked by many firms when you set up secure accounts on websites such as your GP, shopping accounts, or your bank. When you answer or engage in this sort of activity, you could be delivering information directly into the hands of hackers, who harvest information about your passwords or security questions from your answers and can then attempt to use it to compromise your accounts.
Of course, a simple way to avoid this is to not complete those questionnaires and not use weak passwords, but lots of people do click on these surveys and do have weak passwords. We know this because 81% of data breaches are caused by compromised, weak, or reused passwords.
Below are a few ways you can protect yourself:
- Don’t fill in any sort of questionnaire about your lifestyle on social media sites – it’s not worth the risk.
- Delete any request for financial information or passwords unless you requested a password reset.
- Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ restore credit scores, refinance a home, answer your question, etc., a scam.
- Set your spam filters to high. Every email program has spam filters. To find yours, look at your settings options and set these to high. Just remember to check your spam folder to see if legitimate email has been accidentally trapped there.
At Cyber Wise, we deliver a variety of courses for your employees on social engineering and how to prevent a successful attack. If you would like to learn more, contact us today.