Social Engineering Attacks And How To Avoid Them
Whether it’s an organizational system or your own personal accounts, attackers know that people are often the weakest link in any cyber security posture....
Social Engineering Attacks And How To Avoid Them
0
By Andre Herron Security Technology August 12, 2020

You Are the Weakest Link

Although cyber security has been a hot topic for years, the average person is still very exploitable for an attacker. Whether it’s an organizational system or your own personal accounts, attackers know that people are often the weakest link in any cyber security posture. It doesn’t matter how much money you spend to defend yourself from cyber attackers if you, or someone else, will hand them access to your systems. Attackers will often avoid cyber security defenses by using psychological manipulation to trick people into giving them access to sensitive information. This tactic is called Social Engineering and it has many forms it can take.

The effects of successful Social Engineering attacks could be a wide range of things. On a personal level, you could potentially give attackers access to an account where they can make fraudulent payments with your debit card. On a business level, it could lead to a system breach where the attackers gain access to thousands of customer’s personal information. But sometimes they have the potential to be even scarier. For example, several high-profile Twitter accounts were hacked last month in a social engineering attack. Two of the accounts belonged to former President Barack Obama and former Vice President Joe Biden. Imagine what those attackers could do if they managed to gain access to President Trump’s Twitter account. They could potentially cause social or economic panic.

4 Types of Social Engineering attacks

  • Phishing is when an attacker sends fraudulent emails, phone calls, or text messages to a victim while posing as a legitimate entity. This is the most common form of social engineering attack and usually incorporates scare tactics. The emails can look nearly identical to an actual email from a reputable company and will often include a link to a fraudulent web page or a malicious attachment that will inject malware onto the system.
  • Pretexting is when a scammer tries to trick their target into giving them personal information under the pretext of being someone the victim can trust and has authority. For example, the attacker may claim to be representing your bank and they need to confirm your identity with a series of questions.
  • Baiting is typically when attackers try to lure in victims with the promise of some item. They might promise you a free gift card if you sign up on their website, which is actually designed to steal your information. This trap can also take place physically by leaving a flash drive in a public area. Here the attacker hopes that some unsuspecting person takes the flash drive and connects it to their home or work PC, where the flash drive will automatically inject malware onto the system.
  • Tailgating is when an attacker follows an authorized employee into a restricted area. Usually the attacker will impersonate a co-worker or delivery person and simply walk in behind the authorized employee. This sometimes allows them to bypass security measures because in larger organizations it is difficult to know exactly who every legitimate employee is.

Tips to prevent Social Engineering Attacks

  • Don’t open emails from suspicious sources or click suspicious links. Examine the emails carefully for any sign of fraudulence. Always verify the senders email address.
  • Do not connect unknown media to your devices. Finding that flash drive on the ground may not have been good luck.
  • Lock your devices when you leave them unattended.
  • Always be skeptical. Do not reveal personal information to strangers or people claiming to be someone you know. Turn the tables on them and verify their identity before revealing any information.
  • Keep your anti-virus software updated. Many malware attacks are caused by known vulnerabilities left unpatched.
  • Be mindful of the personal information you post on social media. Attackers will mine profiles for information to help them find targets.
  • Do not allow strangers on the premises. If they claim to be an employee, then let them properly authenticate to gain access. If you are not sure about a delivery person, then ask a security guard to verify the delivery.

Related Posts

Stop Using Weak Passwords

Lorem Ipsum. Proin gravida nibh vel velit auctor aliquet. Aenean sollicitudin, lorem quis bibendum auctor, nisi elit consequat ipsum, nec sagittis sem nibh id elit. Duis sed odio sit amet nibh vulputate cursus a sit amet mauris.

0
03 Jun 2020
Phishing Guts Part 2

It was designed to help “assist in the global control of ‘spam’ and ‘phishing’,” so failing this is a pretty significant flag…..

0
03 Dec 2020
7-Zip: A Beginner’s Guide To Compressing and Securing Your Files

7-zip grants you an extra layer of security to protect important files….

0
02 May 2022
Hiding In Plain Sight – Steganography and Polyglot Files

Unlike with cryptography, steganography messages are readable to anyone with the tools to find them…..

0
22 Jul 2021
Protect Your MFA Codes From Bots

The rise of these bot services is alarming because it shows a flaw in how services use MFA….

0
07 Oct 2021
A Different Kind of Zombie Apocalypse

Someone else has the keys to your device, and they’re driving…

0
15 Oct 2020
7 Simple Tips to Make Your Android Phone More Secure

While privacy on Android may seem impossible, there are steps you can take to improve it….

2
16 May 2022
Wigle? Why not?

Wigle.net contains almost 14 Billion records of Wi-Fi devices and their associated locations. We’ll review how it’s used, how to avoid ending up in that list, and how to opt out if it’s too late…

3
14 Jul 2022
The Growing Threat Of Ransomware

The bad news is you are increasingly likely to be the victim of a different kind of hostage situation….

0
10 Jun 2021
Travel Safety

Do you want a foreign government or the thief who steals your wallet or purse to have pictures of your family, along with your drivers license that has your address?

0
01 Jul 2020
Scams Hiding In QR Codes

Should you be trusting of any random QR code that you find? I don’t think so….

0
21 Jan 2021
8 Simple Tips to Make Your iPhone More Secure

Your phones care very little about your security and privacy out of the box….

0
15 Apr 2022
Crypto-Crime: A New Security Challenge

The rapidly rising popularity of cryptocurrencies puts investors directly in the sights of criminals looking to steal more crypto for themselves….

0
06 Sep 2022
Traveling Safely With Technology

If your phone is confiscated or stolen, do you want all of your personal information in the hands of someone else? Not this guy!

0
22 Jul 2020
Cloud Computing Services

“The cloud” has become a ubiquitous term but there are still a lot of people that don’t understand it….

0
17 Dec 2020

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.