The digital technology of the new millennium has changed our understanding of security and privacy. Relying on developers who build tools that prevent a large number of network vulnerabilities, we forget that the person, or more precisely the mistakes that person makes, remains the biggest enemy of security. It is these mistakes that social engineering exploits to get hold of valuable data, and the worst part is that criminals obtain this information with our consent.
What is social engineering?
Social engineering is the acquisition of valuable information through interaction with a person and abuse of that person's trust. Criminals exploit human psychology, pushing victims into mistakes and into neglecting elementary safety rules, with the result that secret information falls into the hands of fraudsters.
Before running a psychological attack, the offender collects information. Then he or she proceeds to the second stage: gaining the victim's trust. Having achieved this, the criminal uses various manipulations to obtain all the information he needs, and the goal is reached. Thus the whole social engineering attack process is built on human error.
Social engineering techniques
Criminals very often use social engineering to infiltrate the organization they are targeting. Having gained access to protected data, cyber criminals can move freely through company file systems, leaving no trace. The possibility of such an attack exists wherever there is a chance of human error or human participation. Social engineering techniques can be divided into four main types.
Bait
In such attacks, criminals turn the victim's own character traits against them, most often greed and the desire for easy money. The attacker sets a trap, promising mountains of gold, but in the end the person loses control of their credentials or the system becomes infected with malware.
Falling into such a trap is much easier than it seems at first glance. Baits come in two types: physical bait and Internet bait. In the first case, the offender leaves an infected flash drive in a prominent place. Once the victim connects the USB flash drive to an office or home computer, the malicious program installs itself automatically and destroys the computer system.
In the online version, the user downloads malware from a website. Different methods are used to make you download the file: emails, fake web sites, or advertisements that lead to a malicious site.
Pretexting
Another technique that cyber criminals resort to is called pretexting. To get hold of the information, the offender impersonates someone known to you who allegedly needs your information to perform an important task.
The impersonated person may be your friend, family member or acquaintance. Most often, however, the criminals play the role of officials: police officers, representatives of tax authorities and other people who have the authority to ask confidential questions. To be more convincing, the offender often asks the victim to confirm their identity first.
With this type of attack, the criminal can obtain any important and valuable information, including identification numbers, insurance codes, addresses, telephone numbers and even bank account details.
Phishing
Phishing is one of the best-known types of psychological attack. The offender attacks the victim through emails or fake web sites. In most cases phishing schemes are carried out in the name of organizations known or familiar to the victim.
Suppose you receive an email from a company you know, so it does not occur to you to verify the sender's email address. You simply open the message, read that the company's privacy policy has changed and that you need to follow the link provided and change your password. You do everything the message says and ... congratulations! You got caught. The criminals have thought through every step you take, which is why they manage to get people to do what they want.
False antivirus
False antivirus is a type of application which, once installed, shows the user messages about an "infection" of the computer or mobile device. The victim believes the computer has been attacked or infected with a virus, and the program suggests downloading software that will supposedly remove it. Naturally, the downloaded software does not solve the problem; it damages the computer even further.
A common example of a fictitious antivirus is a pop-up window with a message like "Your computer is infected; to remove the virus, follow the link." Even if you do not download the proposed file, you will be redirected to an infected site that automatically downloads malicious code to your system. The bogus antivirus also spreads via e-mail messages announcing fake threats and pressuring the recipient to buy useless services.
How to protect against attacks
There are many ways to avoid becoming a victim of social engineering attacks. First of all, in any situation it is necessary to keep a clear head and composure, and also to remember that:
- Requesting confidential information via e-mail is illegal. If you receive such a message, check the sender's address before you reply. If the sender is unknown to you, delete the message immediately.
- It is worth raising the sensitivity of your anti-spam filter settings. All email providers let you customize filters.
- Protecting all the devices you use is always a plus. Do not forget anti-virus programs for every platform, whether Android, Windows, Mac or Linux. Installing such programs also helps protect against viruses.
- Keep the operating system updated. Almost all operating systems periodically release updates that eliminate security vulnerabilities.
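The two checks the article asks the reader to make on a phishing message (does the real sender address belong to the company it claims, and does the link go where its visible text says) can be automated for a mail gateway or a help-desk triage script. The example below is added here and is not from the article; the sample message, the company name and the domain list are constructed, and a single-part HTML body is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not from the article): the display name claims a
# known company, but the real sender domain and the link target do not match it.
SAMPLE_EMAIL = """\
From: "Example Bank Support" <support@examp1e-bank-login.net>
Subject: Privacy policy update - please change your password
Content-Type: text/html

<p>Our privacy policy has changed. Please change your password at
<a href="http://examp1e-bank-login.net/reset">https://www.example-bank.com/account</a></p>
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(addr_or_url):
    """Lower-cased host part of an e-mail address or URL ('' if none)."""
    if "@" in addr_or_url and "://" not in addr_or_url:
        return addr_or_url.rsplit("@", 1)[1].lower()
    return (urlparse(addr_or_url).hostname or "").lower()

def is_trusted(host, trusted_domains):
    """True if host is one of the trusted domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted_domains)

def phishing_indicators(raw_message, trusted_domains):
    """Warnings for the article's checks: real sender domain vs. trusted domains,
    and link target vs. the domain shown in the link text. Assumes a single-part
    HTML body. An empty list means no indicator fired."""
    msg = message_from_string(raw_message)
    warnings = []
    _display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)
    if not is_trusted(sender_domain, trusted_domains):
        warnings.append(f"sender address domain {sender_domain!r} is not trusted")
    for href, text in LINK_RE.findall(msg.get_payload()):
        target = domain_of(href)
        shown = domain_of(text.strip()) if "://" in text else ""
        if shown and shown != target:
            warnings.append(f"link text shows {shown!r} but points to {target!r}")
        if not is_trusted(target, trusted_domains):
            warnings.append(f"link target domain {target!r} is not trusted")
    return warnings

if __name__ == "__main__":
    for w in phishing_indicators(SAMPLE_EMAIL, {"example-bank.com"}):
        print("WARNING:", w)
```

Display-name checks and multipart bodies are deliberately out of scope; the point is that the visible sender name and link text are what the article's victim trusts, while the address and target are what actually matter.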