What is Social Engineering and How does it work?
Hello WA Friends,
I cannot believe it is TGIF. Have a great weekend and here is my next series of posts on cybersecurity.
In my previous post, my goal was to educate everyone on the strategy and tactics of malicious hackers. Later in this series, I will discuss what is called defense-in-depth to sum up how to protect yourself and your devices from these attacks.
The purpose of this post is to discuss the most common tactic used to steal personal information for financial gain. It is the easiest tactic and is so common that most people do not realize they are being attacked until it is too late. You have to be diligent and recognize what is going on. It does take time and practice.
What is social engineering and how does it work?
Social engineering is a term used to describe the act of manipulating people into performing actions or divulging confidential information.
Social engineering is a type of confidence trick where the attacker gathers information about the victim to deceive them into revealing secrets such as bank information, credit cards, user credentials, etc. This can be done in person, over the phone, or online with email, chat messages, social media posts, and other digital mediums. The social engineer uses deception to get the victim to open an attachment, download malware, or reveal their passwords.
The name "social engineering" was coined by psychologist Dr. David Krech in 1954 when he published his book "Social Psychology".
This video sums up how easy it is to perform social engineering… prepare to be shocked!
What is phishing, spear phishing, whaling?
Phishing is a form of social engineering that uses electronic communications to impersonate a trustworthy entity in an attempt to scam users. Spear phishing is the more targeted version of phishing, where the attacker sends emails or messages to specific individuals. Whaling or whaling attacks are more focused on executive team members, but the goal is the same: steal sensitive data for financial gain.
An attack on an employee’s account can be devastating to the company in many ways. It can lead to data breaches, financial loss, and much more.
How to Protect Yourself from Social Engineering Attacks & Avoid Data Breaches?
The best way to protect yourself from social engineering attacks is by having a good security awareness program in place. This will help your employees understand how these attacks work and what they need to do to avoid being tricked by them. You should also have a written policy for how your employees should handle emails that are suspicious or appear to be from someone they don't know well, so they can tell the difference between phishing emails and legitimate ones.
Conclusion
Social engineering is the most common strategy used to attack users for their personal information so that it can be used for financial gain. If something looks fishy, it probably is. My next post on this subject will talk about the process a hacker uses to break into systems and how to prevent those types of attacks.
Cheers,
Keith

Recent Comments
That's scary, Phil
That would not happen with my bank here in the UK
I was always complaining about the length they go to getting me to provide proof of my identity, but now I'm so happy they do
It was becoming annoying to take me through all the security checks every time I would log into my account or call them
Now I know it is for my own good
I think Banks have changed a lot of their policies based on this. This was very high profile when it happened. I was at that conference. I attend these to get a feel for what the latest trends are. Banks are ahead of the curve a bit on cybersecurity because of the high stakes. If I am out of town and use my card my bank calls me right away, I actually forgot that Banks started doing this. Now, you know why they are doing this. This video sent shock waves. Thanks for the reminder that there is a control against this that banks are using.
That video was crazy. The crying baby definitely helped her cause and honestly, I think being a woman. It's so scary these days. You just don't know who to trust.
We all get on so many websites too. How do we know which ones are not legit?
Looking forward to your next installment to keep us safe.
~Debbi
It is hard to tell the legit ones sometimes from the non-legit ones. I am one that likes to support small businesses. Small business is the lifeblood of the world. It can be difficult to know. On Facebook for a while all the ads for products seemed like frauds. I checked a couple of them out and they were. It seems to be a little better, but if it seems too good to be true, don't act on it.
Some of the fraud schemes I read about in our weekly, local crime report are unbelievable. They are blatant fraud yet they prey on the victim's emotions. It's awful yet with some of these, the people should know better. They are often older people though. Sad.
~Debbi

These are frightening and are usually only successful because of people's greed.
As any con artist will tell you, the easiest way to scam a mark is to exploit their own greed.
This is the foundation of the classic Nigerian 419 scam, in which the scammer tries to convince the victim to help get supposedly ill-gotten cash out of their own country into a safe bank, offering a portion of the funds in exchange.
These "Nigerian prince" emails have been a running joke for decades, but they're still an effective social engineering technique that people fall for:
in 2007 the treasurer of a sparsely populated Michigan county gave $1.2 million in public funds to such a scammer in the hopes of personally cashing in.
Another common lure is the prospect of a new, better job, which apparently is something far too many of us want: in a hugely embarrassing 2011 breach, the security company RSA was compromised when at least two low-level employees opened a malware file attached to a phishing email with the file name "2011 recruitment plan.xls."
You should always listen to your gut: if it sounds too good to be true, it probably is.
Thanks
Stephen
Yes, I agree. I think people are starting to smarten up on this, but I am seeing way too many of these happening still. This is the main way the bad guys work, and until it is not profitable they will continue.