- This event has passed.
Social engineering – attack techniques and prevention
April 27 All day
A growing trend in the digital world of communications that unfolds on our monitors. It’s not just about hacking anymore, but by human nature and the speed of building trust, it is tricked into giving away private information.
Nowadays, when almost every area of our life is connected to the Internet, including communication, entertainment, transport, shopping and more, it is becoming easier and easier to find frauds that can fall victim to us. Have you ever heard of social engineering? These are techniques that trick people into revealing their private details such as passwords or banking details or giving them access to a computer to install malicious software silently. Thieves and scammers use social engineering because it’s easier to get someone to reveal passwords than to hack them.
Generally speaking, social engineering attackers have one of two goals:
- Sabotage – the disruption or corruption of data to cause damage or inconvenience,
- Theft – obtaining valuable data such as information, access or money.
One of the best ways to protect yourself from social engineering attacks is to be able to identify them. Let’s look at some types of social engineering attacks.
Phishing attacks – looks trustworthy?
People using phishing techniques pretend to be a trusted institution or person, convincing the victim to reveal personal data and other valuable items. Phishing attacks are targeted in two ways:
- Spam phishing or mass phishing is a typical attack targeting many users. These attacks are non-personalized and try to catch any unsuspecting person.
- Spear phishing is an attack that uses personalized information to target specific users. Such attacks target “high value” victims such as celebrities, senior management and high-ranking government officials.
What techniques can fraudsters use?
E-mail phishing is the most traditional form of phishing. It uses e-mail messages prompting you to reply or take further actions related to the disclosure of data. Another example is phone calls with voice phishing (vishing). They can automatically record all incoming data. Recently, the most popular method among fraudsters is phishing SMS or messages in mobile applications containing an internet connection or requesting further action via a fake e-mail address or telephone number.
An example known to most of us may be the last wave of false text messages saying: “Dear Addressee, due to the weight of the ordered item, please make an additional payment. For your package to go on its way. Click on the link: ***“.
Remember always to verify such messages on the official helplines or applications of companies or banks that you use!
Luring with bait – I have a unique opportunity for you (your data for yourself)
The bait offers the victim something tempting or interesting to lure them into the trap of social engineering. For this purpose, the scammer may offer a free music download or a gift card to trick you into providing your credentials. Popular scam methods may also include:
- USB flash drives left in public places, such as libraries and parking lots,
- E-mail attachments containing details about a free offer or counterfeit, free software.
These are just a few of the hundreds of fraudsters’ methods every day. How to defend yourself and prevent social engineering attacks?
“Too good to be true?” – YES! Don’t get caught.
Here are some essential ways to protect:
Never click on links in any e-mails or messages,
Use multi-factor authentication,
Use strong passwords and a password manager,
Never leave your devices unsecured in public places,
Try not to log on to devices in public places (e.g. libraries, copy shops).
We should also remember that if we have any doubts – do not act rashly or under the influence of emotions!
Before sharing your data, think about whether the online promotion offered to you sounds too good to be true? Would your friend really ask you to send him money? Does the attachment or link look suspicious?
Attackers expect you to take action before weighing the risks, which means you should do the opposite!
Article prepared by Student Research Group – HSSE Inspektor