Cybercriminals are getting more creative with how they plan their attacks; their newest trend being Social Engineering. Social Engineering is when cybercriminals psychologically manipulate people into divulging confidential information, usually through technology.
This can be done in form of an email, website link, or even a phone call. A hacker will often pose as a legitimate source like a bank or a technical support person to entice you into handing over sensitive information that would compromise your internet security. Regardless of the Social Engineering tactic used, internet security is all about knowing who to trust with personal information, and when. Here are a few tips to help you avoid Social Engineering scams:
Being well-informed is the most powerful tool to avoid Social Engineering attack. There are several websites like Interpol that offer facts on how to identify an attack and ward off hackers. Here are a few types of Social Engineering attacks that you should look out for:
- Phishing: A hacker attempts to acquire information in an electronic communication by posing as a trustworthy service provider like government agencies, banks, or software companies. Phishing messages often direct you to a spoof website. They use threats or instil fear to create a sense of urgency so recipients act fast.
- Baiting: This attack uses some kind of incentive to entice you into giving personal information. For instance, a hacker will use a highly demanded product like a new music video or a new movie to get private information from unsuspecting individuals.
- Pretexting: Hackers use an interesting pretext or ploy to capture your attention. Once the story hooks you, they’ll trick you into giving valuable information.
- Quid pro quo: This scam involves fraudsters offering you a service like software update, and making you believe it’s a fair exchange. Unfortunately, they use that opportunity to install malware on your devices.
Social Engineering attacks convey a sense of urgency, and fraudsters often count on you to act irrationally. If you receive a suspicious request for personal information, take some time to think about it. For starters, banks don’t ask for personal information like card pins, neither does the IRS ask for your social security number. After a moment of reflection, you’ll likely realize it’s a scam.
If you receive any unreasonable demands or unusual requests on behalf of known organizations or individuals, be sure to confirm the information first before acting on it. First, check if the email address or phone number actually belongs to the source it claims to come from.
You can contact the company directly but don’t use the information provided by the request. Instead, check previous statements for contact information. An independent search of the source can also reveal a list of true email addresses, phone numbers, websites, as well as, registered entities and their physical locations. Lastly, do a penetration testing as it shows how much damage a successful attack can have on your network.
Avoid Clicking on Embedded Links and Downloading Attachments from Unknown Sources
If you must check links in emails, use the search engine to manually enter the suggested website’s URL. Also, open attachments in protected view, which is often enabled by default in most operating systems. These two steps allow you to stay in control of where you land.
Put Security in Place
Other than physical security, technology has made it possible for you to use cybersecurity to help mitigate Social Engineering attacks. Secure your device with a strong firewall and an up-to-date antivirus software to help detect and destroy computer viruses. Email software like spam filters should be set too high to help filter out as much junk mail as possible. Use VPN providers to secure your connection, and remember to take advantage of any anti-phishing features offered by your web browser.
Use Strong and Unique Passwords
Password security is essential in protecting you against any cybersecurity attack. When creating passwords, use eight or more characters with a mix of letters, numbers, and symbols. Avoid using easily guessable passwords like 1234, date of birth, names, or the city you live in. Also, never use the same password more than once. If you can’t remember all your different passwords for different sites, use tools like password managers to secure them in one place. In addition, you can use two-factor authentication as it makes it harder for cybercriminals to get into your account.
Avoid Using Public Wi-Fi
Nowadays, free Wi-Fi is available nearly everywhere. Public Wi-Fi is often unsecured, which makes it easy for hackers to distribute malware. Cybercriminals can also set up their own free Wi-Fi network to lure unsuspecting users. If you must use public Wi-Fi, avoid sending sensitive information over the internet. Better yet, use VPN as it encrypts your connections to secure it and protect your privacy.
Avoid Sharing Too Much on Social Media
People like posting everything they do on social media platforms, especially millennials. Hackers can create a clear picture of your life from what you post online. That information can be used to create all manner of Social Engineering ploys, which you are more likely to fall victim of as they draw on the information you unknowingly provided. So, share as little as possible and keep personal and sensitive information off of social media.
Use Common Sense
Trusting your suspicious instincts will go a long way in mitigating Social Engineering attacks. If it sounds too good to be true, then it probably is. Plus, if it’s really that important, the company would use the official channels of communication to reach you, right? And, don’t be too greedy on the web. For instance, why would you be expecting a refund from the bank or IRS if you haven’t lost any money?
While you may not be able to fully eradicate Social Engineering attacks, constantly educating yourself and staying alert is your best defense to lessen the effects of these attacks.